fix CVE-2015-20107
This commit is contained in:
shixuantong
parent
d51e8fcf67
commit
ecb6eabcc0
43
openEuler-CVE-2015-20107.patch
Normal file
43
openEuler-CVE-2015-20107.patch
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
From c7c5f7f272659981f4c6bbfa212257945c86d17c Mon Sep 17 00:00:00 2001
|
||||||
|
From: shixuantong <shixuantong@h-partners.com>
|
||||||
|
Date: Sat, 14 May 2022 16:50:02 +0800
|
||||||
|
Subject: [PATCH] fix CVE-2015-20107
|
||||||
|
|
||||||
|
---
|
||||||
|
Lib/mailcap.py | 6 ++++--
|
||||||
|
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/Lib/mailcap.py b/Lib/mailcap.py
|
||||||
|
index bd0fc09..1ad3dd5 100644
|
||||||
|
--- a/Lib/mailcap.py
|
||||||
|
+++ b/Lib/mailcap.py
|
||||||
|
@@ -2,6 +2,7 @@
|
||||||
|
|
||||||
|
import os
|
||||||
|
import warnings
|
||||||
|
+from shlex import quote
|
||||||
|
|
||||||
|
__all__ = ["getcaps","findmatch"]
|
||||||
|
|
||||||
|
@@ -203,8 +204,6 @@ def subst(field, MIMEtype, filename, plist=[]):
|
||||||
|
c = field[i]; i = i+1
|
||||||
|
if c == '%':
|
||||||
|
res = res + c
|
||||||
|
- elif c == 's':
|
||||||
|
- res = res + filename
|
||||||
|
elif c == 't':
|
||||||
|
res = res + MIMEtype
|
||||||
|
elif c == '{':
|
||||||
|
@@ -219,6 +218,9 @@ def subst(field, MIMEtype, filename, plist=[]):
|
||||||
|
# %F == list of alternating type and filename for parts
|
||||||
|
else:
|
||||||
|
res = res + '%' + c
|
||||||
|
+ res = res.replace("'%s'", quote(filename))
|
||||||
|
+ res = res.replace('"%s"',quote(filename))
|
||||||
|
+ res = res.replace('%s',quote(filename))
|
||||||
|
return res
|
||||||
|
|
||||||
|
def findparam(name, plist):
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
||||||
10
python3.spec
10
python3.spec
@ -3,7 +3,7 @@ Summary: Interpreter of the Python3 programming language
|
|||||||
URL: https://www.python.org/
|
URL: https://www.python.org/
|
||||||
|
|
||||||
Version: 3.10.2
|
Version: 3.10.2
|
||||||
Release: 1
|
Release: 2
|
||||||
License: Python
|
License: Python
|
||||||
|
|
||||||
%global branchversion 3.10
|
%global branchversion 3.10
|
||||||
@ -90,6 +90,7 @@ Patch251: 00251-change-user-install-location.patch
|
|||||||
Patch6000: backport-bpo-46811-Make-test-suite-support-Expat-2.4.5.patch
|
Patch6000: backport-bpo-46811-Make-test-suite-support-Expat-2.4.5.patch
|
||||||
|
|
||||||
Patch9000: add-the-sm3-method-for-obtaining-the-salt-value.patch
|
Patch9000: add-the-sm3-method-for-obtaining-the-salt-value.patch
|
||||||
|
Patch9001: openEuler-CVE-2015-20107.patch
|
||||||
|
|
||||||
Provides: python%{branchversion} = %{version}-%{release}
|
Provides: python%{branchversion} = %{version}-%{release}
|
||||||
Provides: python(abi) = %{branchversion}
|
Provides: python(abi) = %{branchversion}
|
||||||
@ -177,6 +178,7 @@ rm configure pyconfig.h.in
|
|||||||
%patch6000 -p1
|
%patch6000 -p1
|
||||||
|
|
||||||
%patch9000 -p1
|
%patch9000 -p1
|
||||||
|
%patch9001 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoconf
|
autoconf
|
||||||
@ -793,6 +795,12 @@ export BEP_GTDLIST="$BEP_GTDLIST_TMP"
|
|||||||
%{_mandir}/*/*
|
%{_mandir}/*/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon May 16 2022 shixuantong <shixuantong@h-partners.com> - 3.10.2-2
|
||||||
|
- Type:CVE
|
||||||
|
- CVE:CVE-2015-20107
|
||||||
|
- SUG:NA
|
||||||
|
- DESC:fix CVE-2015-20107
|
||||||
|
|
||||||
* Wed Mar 09 2022 shixuantong <shixuantong@h-partners.com> - 3.10.2-1
|
* Wed Mar 09 2022 shixuantong <shixuantong@h-partners.com> - 3.10.2-1
|
||||||
- Type:enhancement
|
- Type:enhancement
|
||||||
- CVE:NA
|
- CVE:NA
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user