Commit dc854dae authored by Matthias Klose's avatar Matthias Klose

* Update to 20190708 from the 2.7 branch.

  * Bump standards version.
parent cebe3c0e
python2.7 (2.7.16-3) unstable; urgency=medium
* Update to 20190708 from the 2.7 branch.
* Bump standards version.
-- Matthias Klose <doko@debian.org> Mon, 08 Jul 2019 11:45:29 +0200
python2.7 (2.7.16-2) unstable; urgency=high
[ Matthias Klose ]
......
......@@ -21,7 +21,7 @@ Build-Conflicts: tcl8.4-dev, tk8.4-dev,
python2.7-xml, python-xml,
autoconf2.13, python-cxx-dev,
hardening-wrapper
Standards-Version: 4.3.0
Standards-Version: 4.4.0
Vcs-Browser: https://salsa.debian.org/cpython-team/python2
Vcs-Git: https://salsa.debian.org/cpython-team/python2.git
XS-Testsuite: autopkgtest
......
......@@ -21,7 +21,7 @@ Build-Conflicts: tcl8.4-dev, tk8.4-dev,
@PVER@-xml, python-xml,
autoconf2.13, python-cxx-dev,
hardening-wrapper
Standards-Version: 4.3.0
Standards-Version: 4.4.0
Vcs-Browser: https://salsa.debian.org/cpython-team/python2
Vcs-Git: https://salsa.debian.org/cpython-team/python2.git
XS-Testsuite: autopkgtest
......
# DP: Allow setting BASECFLAGS, OPT and EXTRA_LDFLAGS (like, CC, CXX, CPP,
# DP: CFLAGS, CPPFLAGS, CCSHARED, LDSHARED) from the environment.
Index: b/Lib/distutils/sysconfig.py
===================================================================
--- a/Lib/distutils/sysconfig.py
+++ b/Lib/distutils/sysconfig.py
@@ -174,10 +174,12 @@ def customize_compiler(compiler):
@@ -184,10 +184,12 @@ def customize_compiler(compiler):
_osx_support.customize_compiler(_config_vars)
_config_vars['CUSTOMIZED_OSX_COMPILER'] = 'True'
- (cc, cxx, opt, cflags, ccshared, ldshared, so_ext, ar, ar_flags) = \
- get_config_vars('CC', 'CXX', 'OPT', 'CFLAGS',
- (cc, cxx, cflags, ccshared, ldshared, so_ext, ar, ar_flags) = \
- get_config_vars('CC', 'CXX', 'CFLAGS',
- 'CCSHARED', 'LDSHARED', 'SO', 'AR',
- 'ARFLAGS')
+ (cc, cxx, opt, cflags, extra_cflags, basecflags,
+ (cc, cxx, cflags, extra_cflags, basecflags,
+ ccshared, ldshared, so_ext, ar, ar_flags,
+ configure_cppflags, configure_cflags, configure_ldflags) = \
+ get_config_vars('CC', 'CXX', 'OPT', 'CFLAGS', 'EXTRA_CFLAGS', 'BASECFLAGS',
+ get_config_vars('CC', 'CXX', 'CFLAGS', 'EXTRA_CFLAGS', 'BASECFLAGS',
+ 'CCSHARED', 'LDSHARED', 'SO', 'AR', 'ARFLAGS',
+ 'CONFIGURE_CPPFLAGS', 'CONFIGURE_CFLAGS', 'CONFIGURE_LDFLAGS')
if 'CC' in os.environ:
newcc = os.environ['CC']
@@ -198,13 +200,27 @@ def customize_compiler(compiler):
@@ -208,13 +210,24 @@ def customize_compiler(compiler):
cpp = cc + " -E" # not always
if 'LDFLAGS' in os.environ:
ldshared = ldshared + ' ' + os.environ['LDFLAGS']
......@@ -30,15 +28,12 @@ Index: b/Lib/distutils/sysconfig.py
+ ldshared = ldshared + ' ' + configure_ldflags
+ if 'BASECFLAGS' in os.environ:
+ basecflags = os.environ['BASECFLAGS']
+ if 'OPT' in os.environ:
+ opt = os.environ['OPT']
+ cflags = ' '.join(str(x) for x in (basecflags, opt, extra_cflags) if x)
if 'CFLAGS' in os.environ:
- cflags = opt + ' ' + os.environ['CFLAGS']
+ cflags = ' '.join(str(x) for x in (opt, basecflags, os.environ['CFLAGS'], extra_cflags) if x)
- cflags = cflags + ' ' + os.environ['CFLAGS']
+ cflags = ' '.join(str(x) for x in (basecflags, os.environ['CFLAGS'], extra_cflags) if x)
ldshared = ldshared + ' ' + os.environ['CFLAGS']
+ elif configure_cflags:
+ cflags = ' '.join(str(x) for x in (opt, basecflags, configure_cflags, extra_cflags) if x)
+ cflags = ' '.join(str(x) for x in (basecflags, configure_cflags, extra_cflags) if x)
+ ldshared = ldshared + ' ' + configure_cflags
if 'CPPFLAGS' in os.environ:
cpp = cpp + ' ' + os.environ['CPPFLAGS']
......@@ -51,3 +46,12 @@ Index: b/Lib/distutils/sysconfig.py
if 'AR' in os.environ:
ar = os.environ['AR']
if 'ARFLAGS' in os.environ:
@@ -228,7 +241,7 @@ def customize_compiler(compiler):
compiler=cc_cmd,
compiler_so=cc_cmd + ' ' + ccshared,
compiler_cxx=cxx,
- linker_so=ldshared,
+ linker_so=ldshared + ' ' + ccshared,
linker_exe=cc,
archiver=archiver)
......@@ -14,9 +14,9 @@
__all__ = ["version", "bootstrap"]
-_SETUPTOOLS_VERSION = "40.6.2"
-_SETUPTOOLS_VERSION = "40.8.0"
-
-_PIP_VERSION = "18.1"
-_PIP_VERSION = "19.0.3"
-
_PROJECTS = [
- ("setuptools", _SETUPTOOLS_VERSION),
......
This source diff could not be displayed because it is too large. You can view the blob instead.
# DP: Proposed patch for https://bugs.python.org/issue35907
diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
index 1ce9201c0693..e5f210e62a18 100644
--- a/Lib/test/test_urllib.py
+++ b/Lib/test/test_urllib.py
@@ -1023,6 +1023,18 @@ def open_spam(self, url):
"spam://c:|windows%/:=&?~#+!$,;'@()*[]|/path/"),
"//c:|windows%/:=&?~#+!$,;'@()*[]|/path/")
+ def test_local_file_open(self):
+ class DummyURLopener(urllib.URLopener):
+ def open_local_file(self, url):
+ return url
+ self.assertEqual(DummyURLopener().open(
+ 'local-file://example'), '//example')
+ self.assertEqual(DummyURLopener().open(
+ 'local_file://example'), '//example')
+ self.assertRaises(IOError, urllib.urlopen,
+ 'local-file://example')
+ self.assertRaises(IOError, urllib.urlopen,
+ 'local_file://example')
# Just commented them out.
# Can't really tell why keep failing in windows and sparc.
diff --git a/Lib/urllib.py b/Lib/urllib.py
index d85504a5cb7e..a24e9a5c68fb 100644
--- a/Lib/urllib.py
+++ b/Lib/urllib.py
@@ -203,7 +203,10 @@ def open(self, fullurl, data=None):
name = 'open_' + urltype
self.type = urltype
name = name.replace('-', '_')
- if not hasattr(self, name):
+
+ # bpo-35907: # disallow the file reading with the type not allowed
+ if not hasattr(self, name) or \
+ (self == _urlopener and name == 'open_local_file'):
if proxy:
return self.open_unknown_proxy(proxy, fullurl, data)
else:
diff --git a/Doc/library/urlparse.rst b/Doc/library/urlparse.rst
index 22249da54f..0989c88c30 100644
--- a/Doc/library/urlparse.rst
+++ b/Doc/library/urlparse.rst
@@ -119,12 +119,22 @@ The :mod:`urlparse` module defines the following functions:
See section :ref:`urlparse-result-object` for more information on the result
object.
+ Characters in the :attr:`netloc` attribute that decompose under NFKC
+ normalization (as used by the IDNA encoding) into any of ``/``, ``?``,
+ ``#``, ``@``, or ``:`` will raise a :exc:`ValueError`. If the URL is
+ decomposed before parsing, or is not a Unicode string, no error will be
+ raised.
+
.. versionchanged:: 2.5
Added attributes to return value.
.. versionchanged:: 2.7
Added IPv6 URL parsing capabilities.
+ .. versionchanged:: 2.7.17
+ Characters that affect netloc parsing under NFKC normalization will
+ now raise :exc:`ValueError`.
+
.. function:: parse_qs(qs[, keep_blank_values[, strict_parsing[, max_num_fields]]])
@@ -232,11 +242,21 @@ The :mod:`urlparse` module defines the following functions:
See section :ref:`urlparse-result-object` for more information on the result
object.
+ Characters in the :attr:`netloc` attribute that decompose under NFKC
+ normalization (as used by the IDNA encoding) into any of ``/``, ``?``,
+ ``#``, ``@``, or ``:`` will raise a :exc:`ValueError`. If the URL is
+ decomposed before parsing, or is not a Unicode string, no error will be
+ raised.
+
.. versionadded:: 2.2
.. versionchanged:: 2.5
Added attributes to return value.
+ .. versionchanged:: 2.7.17
+ Characters that affect netloc parsing under NFKC normalization will
+ now raise :exc:`ValueError`.
+
.. function:: urlunsplit(parts)
diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
index 4e1ded73c2..73b0228ea8 100644
--- a/Lib/test/test_urlparse.py
+++ b/Lib/test/test_urlparse.py
@@ -1,4 +1,6 @@
from test import test_support
+import sys
+import unicodedata
import unittest
import urlparse
@@ -624,6 +626,28 @@ class UrlParseTestCase(unittest.TestCase):
self.assertEqual(urlparse.urlparse("http://www.python.org:80"),
('http','www.python.org:80','','','',''))
+ def test_urlsplit_normalization(self):
+ # Certain characters should never occur in the netloc,
+ # including under normalization.
+ # Ensure that ALL of them are detected and cause an error
+ illegal_chars = u'/:#?@'
+ hex_chars = {'{:04X}'.format(ord(c)) for c in illegal_chars}
+ denorm_chars = [
+ c for c in map(unichr, range(128, sys.maxunicode))
+ if (hex_chars & set(unicodedata.decomposition(c).split()))
+ and c not in illegal_chars
+ ]
+ # Sanity check that we found at least one such character
+ self.assertIn(u'\u2100', denorm_chars)
+ self.assertIn(u'\uFF03', denorm_chars)
+
+ for scheme in [u"http", u"https", u"ftp"]:
+ for c in denorm_chars:
+ url = u"{}://netloc{}false.netloc/path".format(scheme, c)
+ print "Checking %r" % url
+ with self.assertRaises(ValueError):
+ urlparse.urlsplit(url)
+
def test_main():
test_support.run_unittest(UrlParseTestCase)
diff --git a/Lib/urlparse.py b/Lib/urlparse.py
index f7c2b032b0..54eda08651 100644
--- a/Lib/urlparse.py
+++ b/Lib/urlparse.py
@@ -165,6 +165,21 @@ def _splitnetloc(url, start=0):
delim = min(delim, wdelim) # use earliest delim position
return url[start:delim], url[delim:] # return (domain, rest)
+def _checknetloc(netloc):
+ if not netloc or not isinstance(netloc, unicode):
+ return
+ # looking for characters like \u2100 that expand to 'a/c'
+ # IDNA uses NFKC equivalence, so normalize for this check
+ import unicodedata
+ netloc2 = unicodedata.normalize('NFKC', netloc)
+ if netloc == netloc2:
+ return
+ _, _, netloc = netloc.rpartition('@') # anything to the left of '@' is okay
+ for c in '/?#@:':
+ if c in netloc2:
+ raise ValueError("netloc '" + netloc2 + "' contains invalid " +
+ "characters under NFKC normalization")
+
def urlsplit(url, scheme='', allow_fragments=True):
"""Parse a URL into 5 components:
<scheme>://<netloc>/<path>?<query>#<fragment>
@@ -193,6 +208,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
url, fragment = url.split('#', 1)
if '?' in url:
url, query = url.split('?', 1)
+ _checknetloc(netloc)
v = SplitResult(scheme, netloc, url, query, fragment)
_parse_cache[key] = v
return v
@@ -216,6 +232,7 @@ def urlsplit(url, scheme='', allow_fragments=True):
url, fragment = url.split('#', 1)
if '?' in url:
url, query = url.split('?', 1)
+ _checknetloc(netloc)
v = SplitResult(scheme, netloc, url, query, fragment)
_parse_cache[key] = v
return v
# git-updates.diff
git-updates.diff
issue9189.diff
build-libpython.diff
deb-setup.diff
......@@ -71,5 +71,3 @@ rename-md5-init.diff
local-doc-references.diff
m-i-p-s-r6.diff
multiarch-libc.diff
issue36216.diff
issue35907.diff
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment