1 files changed, 0 insertions, 55 deletions
diff --git a/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch b/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch
deleted file mode 100644
index f4c225d2fc..0000000000
--- a/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 8f99cc799e4393bf1112b9395b2342f81b3f45ef Mon Sep 17 00:00:00 2001
-From: push0ebp <push0ebp@shl-MacBook-Pro.local>
-Date: Thu, 14 Feb 2019 02:05:46 +0900
-Subject: [PATCH] bpo-35907: Avoid file reading as disallowing the unnecessary
- URL scheme in urllib
-Upstream-Status: Submitted https://github.com/python/cpython/pull/11842
-CVE: CVE-2019-9948
-Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
---
- Lib/test/test_urllib.py | 12 ++++++++++++
- Lib/urllib.py           |  5 ++++-
- 2 files changed, 16 insertions(+), 1 deletion(-)
-diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
-index 1ce9201c0693..e5f210e62a18 100644
--- a/Lib/test/test_urllib.py
-+++ b/Lib/test/test_urllib.py
-@@ -1023,6 +1023,18 @@ def open_spam(self, url):
-             "spam://c:|windows%/:=&?~#+!$,;'@()*[]|/path/"),
-             "//c:|windows%/:=&?~#+!$,;'@()*[]|/path/")
- 
-+    def test_local_file_open(self):
-+        class DummyURLopener(urllib.URLopener):
-+            def open_local_file(self, url):
-+                return url
-+        self.assertEqual(DummyURLopener().open(
-+            'local-file://example'), '//example')
-+        self.assertEqual(DummyURLopener().open(
-+            'local_file://example'), '//example')
-+        self.assertRaises(IOError, urllib.urlopen,
-+            'local-file://example')
-+        self.assertRaises(IOError, urllib.urlopen,
-+            'local_file://example')
- 
- # Just commented them out.
- # Can't really tell why keep failing in windows and sparc.
-diff --git a/Lib/urllib.py b/Lib/urllib.py
-index d85504a5cb7e..a24e9a5c68fb 100644
--- a/Lib/urllib.py
-+++ b/Lib/urllib.py
-@@ -203,7 +203,10 @@ def open(self, fullurl, data=None):
-         name = 'open_' + urltype
-         self.type = urltype
-         name = name.replace('-', '_')
-        if not hasattr(self, name):
-+        
-+        # bpo-35907: # disallow the file reading with the type not allowed
-+        if not hasattr(self, name) or \
-+            (self == _urlopener and name == 'open_local_file'):
-             if proxy:
-                 return self.open_unknown_proxy(proxy, fullurl, data)
-             else:

diff --git a/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch b/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch deleted file mode 100644 index f4c225d2fc..0000000000 --- a/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch +++ /dev/null
@@ -1,55 +0,0 @@
1	From 8f99cc799e4393bf1112b9395b2342f81b3f45ef Mon Sep 17 00:00:00 2001
2	From: push0ebp <push0ebp@shl-MacBook-Pro.local>
3	Date: Thu, 14 Feb 2019 02:05:46 +0900
4	Subject: [PATCH] bpo-35907: Avoid file reading as disallowing the unnecessary
5	URL scheme in urllib
6
7	Upstream-Status: Submitted https://github.com/python/cpython/pull/11842
8
9	CVE: CVE-2019-9948
10
11	Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
12	---
13	Lib/test/test_urllib.py \| 12 ++++++++++++
14	Lib/urllib.py \| 5 ++++-
15	2 files changed, 16 insertions(+), 1 deletion(-)
16
17	diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
18	index 1ce9201c0693..e5f210e62a18 100644
19	--- a/Lib/test/test_urllib.py
20	+++ b/Lib/test/test_urllib.py
21	@@ -1023,6 +1023,18 @@ def open_spam(self, url):
22	"spam://c:\|windows%/:=&?~#+!$,;'@()*[]\|/path/"),
23	"//c:\|windows%/:=&?~#+!$,;'@()*[]\|/path/")
24
25	+ def test_local_file_open(self):
26	+ class DummyURLopener(urllib.URLopener):
27	+ def open_local_file(self, url):
28	+ return url
29	+ self.assertEqual(DummyURLopener().open(
30	+ 'local-file://example'), '//example')
31	+ self.assertEqual(DummyURLopener().open(
32	+ 'local_file://example'), '//example')
33	+ self.assertRaises(IOError, urllib.urlopen,
34	+ 'local-file://example')
35	+ self.assertRaises(IOError, urllib.urlopen,
36	+ 'local_file://example')
37
38	# Just commented them out.
39	# Can't really tell why keep failing in windows and sparc.
40	diff --git a/Lib/urllib.py b/Lib/urllib.py
41	index d85504a5cb7e..a24e9a5c68fb 100644
42	--- a/Lib/urllib.py
43	+++ b/Lib/urllib.py
44	@@ -203,7 +203,10 @@ def open(self, fullurl, data=None):
45	name = 'open_' + urltype
46	self.type = urltype
47	name = name.replace('-', '_')
48	- if not hasattr(self, name):
49	+
50	+ # bpo-35907: # disallow the file reading with the type not allowed
51	+ if not hasattr(self, name) or \
52	+ (self == _urlopener and name == 'open_local_file'):
53	if proxy:
54	return self.open_unknown_proxy(proxy, fullurl, data)
55	else: