From 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf Mon Sep 17 00:00:00 2001
From: takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp>
Date: Mon, 2 Nov 2020 11:07:33 +0900
Subject: basesystem-jj recipes

---
 .../python/python/bpo-35907-cve-2019-9948.patch    | 55 ----------------------
 1 file changed, 55 deletions(-)
 delete mode 100644 external/poky/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch

(limited to 'external/poky/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch')

diff --git a/external/poky/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch b/external/poky/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch
deleted file mode 100644
index f4c225d2..00000000
--- a/external/poky/meta/recipes-devtools/python/python/bpo-35907-cve-2019-9948.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 8f99cc799e4393bf1112b9395b2342f81b3f45ef Mon Sep 17 00:00:00 2001
-From: push0ebp <push0ebp@shl-MacBook-Pro.local>
-Date: Thu, 14 Feb 2019 02:05:46 +0900
-Subject: [PATCH] bpo-35907: Avoid file reading as disallowing the unnecessary
- URL scheme in urllib
-
-Upstream-Status: Submitted https://github.com/python/cpython/pull/11842
-
-CVE: CVE-2019-9948
-
-Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
----
- Lib/test/test_urllib.py | 12 ++++++++++++
- Lib/urllib.py           |  5 ++++-
- 2 files changed, 16 insertions(+), 1 deletion(-)
-
-diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
-index 1ce9201c0693..e5f210e62a18 100644
---- a/Lib/test/test_urllib.py
-+++ b/Lib/test/test_urllib.py
-@@ -1023,6 +1023,18 @@ def open_spam(self, url):
-             "spam://c:|windows%/:=&?~#+!$,;'@()*[]|/path/"),
-             "//c:|windows%/:=&?~#+!$,;'@()*[]|/path/")
- 
-+    def test_local_file_open(self):
-+        class DummyURLopener(urllib.URLopener):
-+            def open_local_file(self, url):
-+                return url
-+        self.assertEqual(DummyURLopener().open(
-+            'local-file://example'), '//example')
-+        self.assertEqual(DummyURLopener().open(
-+            'local_file://example'), '//example')
-+        self.assertRaises(IOError, urllib.urlopen,
-+            'local-file://example')
-+        self.assertRaises(IOError, urllib.urlopen,
-+            'local_file://example')
- 
- # Just commented them out.
- # Can't really tell why keep failing in windows and sparc.
-diff --git a/Lib/urllib.py b/Lib/urllib.py
-index d85504a5cb7e..a24e9a5c68fb 100644
---- a/Lib/urllib.py
-+++ b/Lib/urllib.py
-@@ -203,7 +203,10 @@ def open(self, fullurl, data=None):
-         name = 'open_' + urltype
-         self.type = urltype
-         name = name.replace('-', '_')
--        if not hasattr(self, name):
-+        
-+        # bpo-35907: # disallow the file reading with the type not allowed
-+        if not hasattr(self, name) or \
-+            (self == _urlopener and name == 'open_local_file'):
-             if proxy:
-                 return self.open_unknown_proxy(proxy, fullurl, data)
-             else:
-- 
cgit 1.2.3-korg