Sun Jun 19 02:48:26 UTC 2011

author: Parabola <dev@list.parabolagnulinux.org> 2011-06-19 02:48:26 +0000
committer: Parabola <dev@list.parabolagnulinux.org> 2011-06-19 02:48:26 +0000
commit: 5457eacc747fc3f91e10a1f452230b1feac39eff (patch)
tree: bae3163aec825d4fc53c0ef265eac2148b31353b /extra/python2
parent: c80552b41838a5668458ebb1eb9b0f44ea6fe879 (diff)
2 files changed, 0 insertions, 146 deletions
diff --git a/extra/python2/CVE-2011-1521.patch b/extra/python2/CVE-2011-1521.patch
deleted file mode 100644
index d68ec3323..000000000
--- a/extra/python2/CVE-2011-1521.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-diff -Naur Python-2.7.1.ori/Lib/test/test_urllib2.py Python-2.7.1/Lib/test/test_urllib2.py
---- Python-2.7.1.ori/Lib/test/test_urllib2.py	2010-11-21 21:04:33.000000000 -0800
-+++ Python-2.7.1/Lib/test/test_urllib2.py	2011-04-15 05:02:13.278853672 -0700
-@@ -969,6 +969,27 @@
-             self.assertEqual(count,
-                              urllib2.HTTPRedirectHandler.max_redirections)
- 
-+    def test_invalid_redirect(self):
-+        from_url = "http://example.com/a.html"
-+        valid_schemes = ['http', 'https', 'ftp']
-+        invalid_schemes = ['file', 'imap', 'ldap']
-+        schemeless_url = "example.com/b.html"
-+        h = urllib2.HTTPRedirectHandler()
-+        o = h.parent = MockOpener()
-+        req = Request(from_url)
-+
-+        for scheme in invalid_schemes:
-+            invalid_url = scheme + '://' + schemeless_url
-+            self.assertRaises(urllib2.HTTPError, h.http_error_302,
-+                              req, MockFile(), 302, "Security Loophole",
-+                              MockHeaders({"location": invalid_url}))
-+
-+        for scheme in valid_schemes:
-+            valid_url = scheme + '://' + schemeless_url
-+            h.http_error_302(req, MockFile(), 302, "That's fine",
-+                MockHeaders({"location": valid_url}))
-+            self.assertEqual(o.req.get_full_url(), valid_url)
-+
-     def test_cookie_redirect(self):
-         # cookies shouldn't leak into redirected requests
-         from cookielib import CookieJar
-diff -Naur Python-2.7.1.ori/Lib/test/test_urllib.py Python-2.7.1/Lib/test/test_urllib.py
---- Python-2.7.1.ori/Lib/test/test_urllib.py	2010-11-21 05:34:58.000000000 -0800
-+++ Python-2.7.1/Lib/test/test_urllib.py	2011-04-15 05:02:13.278853672 -0700
-@@ -161,6 +161,20 @@
-         finally:
-             self.unfakehttp()
- 
-+    def test_invalid_redirect(self):
-+        # urlopen() should raise IOError for many error codes.
-+        self.fakehttp("""HTTP/1.1 302 Found
-+Date: Wed, 02 Jan 2008 03:03:54 GMT
-+Server: Apache/1.3.33 (Debian GNU/Linux) mod_ssl/2.8.22 OpenSSL/0.9.7e
-+Location: file:README
-+Connection: close
-+Content-Type: text/html; charset=iso-8859-1
-+""")
-+        try:
-+            self.assertRaises(IOError, urllib.urlopen, "http://python.org/")
-+        finally:
-+            self.unfakehttp()
-+
-     def test_empty_socket(self):
-         # urlopen() raises IOError if the underlying socket does not send any
-         # data. (#1680230)
-diff -Naur Python-2.7.1.ori/Lib/urllib2.py Python-2.7.1/Lib/urllib2.py
---- Python-2.7.1.ori/Lib/urllib2.py	2010-11-20 03:24:08.000000000 -0800
-+++ Python-2.7.1/Lib/urllib2.py	2011-04-15 05:02:13.278853672 -0700
-@@ -579,6 +579,17 @@
- 
-         newurl = urlparse.urljoin(req.get_full_url(), newurl)
- 
-+        # For security reasons we do not allow redirects to protocols
-+        # other than HTTP, HTTPS or FTP.
-+        newurl_lower = newurl.lower()
-+        if not (newurl_lower.startswith('http://') or
-+                newurl_lower.startswith('https://') or
-+                newurl_lower.startswith('ftp://')):
-+            raise HTTPError(newurl, code,
-+                            msg + " - Redirection to url '%s' is not allowed" %
-+                            newurl,
-+                            headers, fp)
-+
-         # XXX Probably want to forget about the state of the current
-         # request, although that might interact poorly with other
-         # handlers that also use handler-specific request attributes
-diff -Naur Python-2.7.1.ori/Lib/urllib.py Python-2.7.1/Lib/urllib.py
---- Python-2.7.1.ori/Lib/urllib.py	2010-11-21 21:04:33.000000000 -0800
-+++ Python-2.7.1/Lib/urllib.py	2011-04-15 05:02:13.278853672 -0700
-@@ -644,6 +644,18 @@
-         fp.close()
-         # In case the server sent a relative URL, join with original:
-         newurl = basejoin(self.type + ":" + url, newurl)
-+
-+        # For security reasons we do not allow redirects to protocols
-+        # other than HTTP, HTTPS or FTP.
-+        newurl_lower = newurl.lower()
-+        if not (newurl_lower.startswith('http://') or
-+                newurl_lower.startswith('https://') or
-+                newurl_lower.startswith('ftp://')):
-+            raise IOError('redirect error', errcode,
-+                          errmsg + " - Redirection to url '%s' is not allowed" %
-+                          newurl,
-+                          headers)
-+
-         return self.open(newurl)
- 
-     def http_error_301(self, url, fp, errcode, errmsg, headers, data=None):
diff --git a/extra/python2/python-2.7.1-fix-decimal-in-turkish-locale.patch b/extra/python2/python-2.7.1-fix-decimal-in-turkish-locale.patch
deleted file mode 100644
index 57f527f40..000000000
--- a/extra/python2/python-2.7.1-fix-decimal-in-turkish-locale.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-diff -up Python-2.7.1/Lib/decimal.py.fix-decimal-in-turkish-locale Python-2.7.1/Lib/decimal.py
---- Python-2.7.1/Lib/decimal.py.fix-decimal-in-turkish-locale	2010-07-08 17:22:54.000000000 -0400
-+++ Python-2.7.1/Lib/decimal.py	2011-04-12 11:30:40.850350842 -0400
-@@ -1720,8 +1720,6 @@ class Decimal(object):
-         # here self was representable to begin with; return unchanged
-         return Decimal(self)
-
--    _pick_rounding_function = {}
--
-     # for each of the rounding functions below:
-     #   self is a finite, nonzero Decimal
-     #   prec is an integer satisfying 0 <= prec < len(self._int)
-@@ -1788,6 +1786,17 @@ class Decimal(object):
-         else:
-             return -self._round_down(prec)
-
-+    _pick_rounding_function = dict(
-+        ROUND_DOWN = '_round_down',
-+        ROUND_UP = '_round_up',
-+        ROUND_HALF_UP = '_round_half_up',
-+        ROUND_HALF_DOWN = '_round_half_down',
-+        ROUND_HALF_EVEN = '_round_half_even',
-+        ROUND_CEILING = '_round_ceiling',
-+        ROUND_FLOOR = '_round_floor',
-+        ROUND_05UP = '_round_05up',
-+    )
-+
-     def fma(self, other, third, context=None):
-         """Fused multiply-add.
-
-@@ -3705,18 +3714,6 @@ _numbers.Number.register(Decimal)
-
- ##### Context class #######################################################
-
--
--# get rounding method function:
--rounding_functions = [name for name in Decimal.__dict__.keys()
--                                    if name.startswith('_round_')]
--for name in rounding_functions:
--    # name is like _round_half_even, goes to the global ROUND_HALF_EVEN value.
--    globalname = name[1:].upper()
--    val = globals()[globalname]
--    Decimal._pick_rounding_function[val] = name
--
--del name, val, globalname, rounding_functions
--
- class _ContextManager(object):
-     """Context manager class to support localcontext().
author	Parabola <dev@list.parabolagnulinux.org>	2011-06-19 02:48:26 +0000
committer	Parabola <dev@list.parabolagnulinux.org>	2011-06-19 02:48:26 +0000
commit	5457eacc747fc3f91e10a1f452230b1feac39eff (patch)
tree	bae3163aec825d4fc53c0ef265eac2148b31353b /extra/python2
parent	c80552b41838a5668458ebb1eb9b0f44ea6fe879 (diff)