diff options
author | Martin Jansa <martin.jansa@gmail.com> | 2019-05-17 20:16:17 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-07-27 18:05:18 +0100 |
commit | 016a0b830e65cdd71830ddf12fec8ca795b0f264 (patch) | |
tree | e628136c17dab595baa452a900dc8a484409c917 /meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636-fix.patch | |
parent | 81439e7d18ad12b25c67812c5277c24c92c8e3b5 (diff) | |
download | poky-016a0b830e65cdd71830ddf12fec8ca795b0f264.tar.gz |
python: add a fix for CVE-2019-9948 and CVE-2019-9636
Source: OpenEmbedded.org
MR: 98320, 98319
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-devtools/python/python_2.7.16.bb?id=9d23b982fa4e0290761b3d15f6959779fed72ad6
ChangeID: e79b6fe3b7b4253bf0d76b029070ae869d5234bd
Description:
Fixes:
CVE-2019-9948
CVE-2019-9636
CVE-2019-9940 is a dup of 9948 per python.org
CVE-2019-9947 appears to be a dup of 9940 per https://bugs.python.org/issue30458#msg295067
(From OE-Core rev: e7bdff05da6075efc21c5ac9492b06e481e5a239)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Minor clean up for thud]
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636-fix.patch')
-rw-r--r-- | meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636-fix.patch | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636-fix.patch b/meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636-fix.patch new file mode 100644 index 0000000000..2ce4d2cde7 --- /dev/null +++ b/meta/recipes-devtools/python/python/bpo-36216-cve-2019-9636-fix.patch | |||
@@ -0,0 +1,28 @@ | |||
1 | From 06b5ee585d6e76bdbb4002f642d864d860cbbd2b Mon Sep 17 00:00:00 2001 | ||
2 | From: Steve Dower <steve.dower@python.org> | ||
3 | Date: Tue, 12 Mar 2019 08:23:33 -0700 | ||
4 | Subject: [PATCH] bpo-36216: Only print test messages when verbose | ||
5 | |||
6 | CVE: CVE-2019-9636 | ||
7 | |||
8 | Upstream-Status: Backport https://github.com/python/cpython/pull/12291/commits/06b5ee585d6e76bdbb4002f642d864d860cbbd2b | ||
9 | |||
10 | Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> | ||
11 | --- | ||
12 | Lib/test/test_urlparse.py | 3 ++- | ||
13 | 1 file changed, 2 insertions(+), 1 deletion(-) | ||
14 | |||
15 | diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py | ||
16 | index 73b0228ea8e3..1830d0b28688 100644 | ||
17 | --- a/Lib/test/test_urlparse.py | ||
18 | +++ b/Lib/test/test_urlparse.py | ||
19 | @@ -644,7 +644,8 @@ def test_urlsplit_normalization(self): | ||
20 | for scheme in [u"http", u"https", u"ftp"]: | ||
21 | for c in denorm_chars: | ||
22 | url = u"{}://netloc{}false.netloc/path".format(scheme, c) | ||
23 | - print "Checking %r" % url | ||
24 | + if test_support.verbose: | ||
25 | + print "Checking %r" % url | ||
26 | with self.assertRaises(ValueError): | ||
27 | urlparse.urlsplit(url) | ||
28 | |||