
Blame 00197-fix-CVE-2014-4650.patch

899a2ce
# HG changeset patch
899a2ce
# User Benjamin Peterson <benjamin@python.org>
899a2ce
# Date 1402796473 25200
899a2ce
# Node ID 847e288d6e93dba049c280f40979e16a1378d0f6
899a2ce
# Parent  6f1f387759913d91cb307d2783b3a40c48fe7424# Parent  5676797f3a3eccaf38e2c500e77ed39c68923cc9
899a2ce
merge 3.3 (#21766)
899a2ce
899a2ce
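--- a/Lib/http/server.py
+++ b/Lib/http/server.py
@@ -977,7 +977,7 @@ class CGIHTTPRequestHandler(SimpleHTTPRe
         (and the next character is a '/' or the end of the string).
 
         """
-        collapsed_path = _url_collapse_path(self.path)
+        collapsed_path = _url_collapse_path(urllib.parse.unquote(self.path))
         dir_sep = collapsed_path.find('/', 1)
         head, tail = collapsed_path[:dir_sep], collapsed_path[dir_sep+1:]
         if head in self.cgi_directories: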
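Review bot: `urllib.parse.unquote(self.path)` decodes the whole request target, so if `self.path` still carries the query string at this point, percent-encoded `?`, `&` or `=` characters are decoded before `head` and `tail` are split, and the CGI script may later receive a query that differs from what the client sent. Decoding only the path component keeps the `cgi_directories` check on the canonical path and leaves the query untouched, for example `path, sep, query = self.path.partition('?')` followed by `collapsed_path = _url_collapse_path(urllib.parse.unquote(path)) + sep + query`. Whether `_url_collapse_path` separates the query itself is not visible here, and the method body continues outside the hunk. The docstring above the changed line should also state that the directory check is made on the percent-decoded path.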
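--- a/Lib/test/test_httpservers.py
+++ b/Lib/test/test_httpservers.py
@@ -485,6 +485,11 @@ class CGIHTTPServerTestCase(BaseTestCase
                 (res.read(), res.getheader('Content-type'), res.status))
         self.assertEqual(os.environ['SERVER_SOFTWARE'], signature)
 
+    def test_urlquote_decoding_in_cgi_check(self):
+        res = self.request('/cgi-bin%2ffile1.py')
+        self.assertEqual((b'Hello World\n', 'text/html', 200),
+                (res.read(), res.getheader('Content-type'), res.status))
+
 
 class SocketlessRequestHandler(SimpleHTTPRequestHandler):
     def __init__(self):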
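Review bot: `test_urlquote_decoding_in_cgi_check` pins only the lowercase `%2f` spelling with no query string, so a later change to where the decoding happens could regress the uppercase `%2F` form or alter an encoded query without any test failing. Adding one assertion for `'/cgi-bin%2Ffile1.py'` and one request that carries a percent-encoded query value would cover both. A short comment above the request, such as `# Issue #21766: the cgi_directories check must see the percent-decoded path`, would tie the test to the fix it guards.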