Skip to content

Commit

Permalink
Merge pull request #149 from chcg/python_2718
Browse files Browse the repository at this point in the history
update to python 2.7.18
  • Loading branch information
chcg authored Apr 21, 2020
2 parents d6acc5c + 4b483dd commit b000848
Show file tree
Hide file tree
Showing 48 changed files with 3,487 additions and 21 deletions.
Binary file modified PythonLib/extra_dll/_bsddb.pyd
Binary file not shown.
Binary file modified PythonLib/extra_dll_x64/_bsddb.pyd
Binary file not shown.
20 changes: 13 additions & 7 deletions PythonLib/full/cookielib.py
Original file line number Diff line number Diff line change
Expand Up @@ -205,10 +205,14 @@ def _str2time(day, mon, yr, hr, min, sec, tz):
(?::(\d\d))? # optional seconds
)? # optional clock
\s*
([-+]?\d{2,4}|(?![APap][Mm]\b)[A-Za-z]+)? # timezone
(?:
([-+]?\d{2,4}|(?![APap][Mm]\b)[A-Za-z]+) # timezone
\s*
)?
(?:
\(\w+\) # ASCII representation of timezone in parens.
\s*
(?:\(\w+\))? # ASCII representation of timezone in parens.
\s*$""", re.X)
)?$""", re.X)
def http2time(text):
"""Returns time in seconds since epoch of time represented by a string.
Expand Down Expand Up @@ -266,7 +270,7 @@ def http2time(text):
return _str2time(day, mon, yr, hr, min, sec, tz)

ISO_DATE_RE = re.compile(
"""^
r"""^
(\d{4}) # year
[-\/]?
(\d\d?) # numerical month
Expand All @@ -278,9 +282,11 @@ def http2time(text):
(?::?(\d\d(?:\.\d*)?))? # optional seconds (and fractional)
)? # optional clock
\s*
([-+]?\d\d?:?(:?\d\d)?
|Z|z)? # timezone (Z is "zero meridian", i.e. GMT)
\s*$""", re.X)
(?:
([-+]?\d\d?:?(:?\d\d)?
|Z|z) # timezone (Z is "zero meridian", i.e. GMT)
\s*
)?$""", re.X)
def iso2time(text):
"""
As for http2time, but parses the ISO 8601 formats:
Expand Down
4 changes: 4 additions & 0 deletions PythonLib/full/encodings/uu_codec.py
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,10 @@ def uu_encode(input,errors='strict',filename='<data>',mode=0666):
read = infile.read
write = outfile.write

# Remove newline chars from filename
filename = filename.replace('\n','\\n')
filename = filename.replace('\r','\\r')

# Encode
write('begin %o %s\n' % (mode & 0777, filename))
chunk = read(45)
Expand Down
13 changes: 13 additions & 0 deletions PythonLib/full/httplib.py
Original file line number Diff line number Diff line change
Expand Up @@ -745,6 +745,8 @@ def __init__(self, host, port=None, strict=None,

(self.host, self.port) = self._get_hostport(host, port)

self._validate_host(self.host)

# This is stored as an instance variable to allow unittests
# to replace with a suitable mock
self._create_connection = socket.create_connection
Expand Down Expand Up @@ -1029,6 +1031,17 @@ def _validate_path(self, url):
).format(matched=match.group(), url=url)
raise InvalidURL(msg)

def _validate_host(self, host):
"""Validate a host so it doesn't contain control characters."""
# Prevent CVE-2019-18348.
match = _contains_disallowed_url_pchar_re.search(host)
if match:
msg = (
"URL can't contain control characters. {host!r} "
"(found at least {matched!r})"
).format(matched=match.group(), host=host)
raise InvalidURL(msg)

def putheader(self, header, *values):
"""Send a request header line to the server.
Expand Down
6 changes: 6 additions & 0 deletions PythonLib/full/urllib.py
Original file line number Diff line number Diff line change
Expand Up @@ -934,7 +934,13 @@ def retrfile(self, file, type):
return (ftpobj, retrlen)

def endtransfer(self):
if not self.busy:
return
self.busy = 0
try:
self.ftp.voidresp()
except ftperrors():
pass

def close(self):
self.keepalive = False
Expand Down
7 changes: 7 additions & 0 deletions PythonLib/full/uu.py
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,13 @@ def encode(in_file, out_file, name=None, mode=None):
name = '-'
if mode is None:
mode = 0666

#
# Remove newline chars from name
#
name = name.replace('\n','\\n')
name = name.replace('\r','\\r')

#
# Write the data
#
Expand Down
Binary file modified PythonLib/full_dll/_ctypes.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll/_elementtree.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll/_hashlib.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll/_msi.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll/_multiprocessing.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll/_socket.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll/_sqlite3.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll/_ssl.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll/bz2.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll/pyexpat.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll/select.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll/sqlite3.dll
Binary file not shown.
Binary file modified PythonLib/full_dll/unicodedata.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll/winsound.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll_x64/_ctypes.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll_x64/_elementtree.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll_x64/_hashlib.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll_x64/_msi.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll_x64/_multiprocessing.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll_x64/_socket.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll_x64/_sqlite3.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll_x64/_ssl.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll_x64/bz2.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll_x64/pyexpat.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll_x64/select.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll_x64/sqlite3.dll
Binary file not shown.
Binary file modified PythonLib/full_dll_x64/unicodedata.pyd
Binary file not shown.
Binary file modified PythonLib/full_dll_x64/winsound.pyd
Binary file not shown.
20 changes: 13 additions & 7 deletions PythonLib/min/cookielib.py
Original file line number Diff line number Diff line change
Expand Up @@ -205,10 +205,14 @@ def _str2time(day, mon, yr, hr, min, sec, tz):
(?::(\d\d))? # optional seconds
)? # optional clock
\s*
([-+]?\d{2,4}|(?![APap][Mm]\b)[A-Za-z]+)? # timezone
(?:
([-+]?\d{2,4}|(?![APap][Mm]\b)[A-Za-z]+) # timezone
\s*
)?
(?:
\(\w+\) # ASCII representation of timezone in parens.
\s*
(?:\(\w+\))? # ASCII representation of timezone in parens.
\s*$""", re.X)
)?$""", re.X)
def http2time(text):
"""Returns time in seconds since epoch of time represented by a string.
Expand Down Expand Up @@ -266,7 +270,7 @@ def http2time(text):
return _str2time(day, mon, yr, hr, min, sec, tz)

ISO_DATE_RE = re.compile(
"""^
r"""^
(\d{4}) # year
[-\/]?
(\d\d?) # numerical month
Expand All @@ -278,9 +282,11 @@ def http2time(text):
(?::?(\d\d(?:\.\d*)?))? # optional seconds (and fractional)
)? # optional clock
\s*
([-+]?\d\d?:?(:?\d\d)?
|Z|z)? # timezone (Z is "zero meridian", i.e. GMT)
\s*$""", re.X)
(?:
([-+]?\d\d?:?(:?\d\d)?
|Z|z) # timezone (Z is "zero meridian", i.e. GMT)
\s*
)?$""", re.X)
def iso2time(text):
"""
As for http2time, but parses the ISO 8601 formats:
Expand Down
4 changes: 4 additions & 0 deletions PythonLib/min/encodings/uu_codec.py
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,10 @@ def uu_encode(input,errors='strict',filename='<data>',mode=0666):
read = infile.read
write = outfile.write

# Remove newline chars from filename
filename = filename.replace('\n','\\n')
filename = filename.replace('\r','\\r')

# Encode
write('begin %o %s\n' % (mode & 0777, filename))
chunk = read(45)
Expand Down
13 changes: 13 additions & 0 deletions PythonLib/min/httplib.py
Original file line number Diff line number Diff line change
Expand Up @@ -745,6 +745,8 @@ def __init__(self, host, port=None, strict=None,

(self.host, self.port) = self._get_hostport(host, port)

self._validate_host(self.host)

# This is stored as an instance variable to allow unittests
# to replace with a suitable mock
self._create_connection = socket.create_connection
Expand Down Expand Up @@ -1029,6 +1031,17 @@ def _validate_path(self, url):
).format(matched=match.group(), url=url)
raise InvalidURL(msg)

def _validate_host(self, host):
"""Validate a host so it doesn't contain control characters."""
# Prevent CVE-2019-18348.
match = _contains_disallowed_url_pchar_re.search(host)
if match:
msg = (
"URL can't contain control characters. {host!r} "
"(found at least {matched!r})"
).format(matched=match.group(), host=host)
raise InvalidURL(msg)

def putheader(self, header, *values):
"""Send a request header line to the server.
Expand Down
6 changes: 6 additions & 0 deletions PythonLib/min/urllib.py
Original file line number Diff line number Diff line change
Expand Up @@ -934,7 +934,13 @@ def retrfile(self, file, type):
return (ftpobj, retrlen)

def endtransfer(self):
if not self.busy:
return
self.busy = 0
try:
self.ftp.voidresp()
except ftperrors():
pass

def close(self):
self.keepalive = False
Expand Down
7 changes: 7 additions & 0 deletions PythonLib/min/uu.py
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,13 @@ def encode(in_file, out_file, name=None, mode=None):
name = '-'
if mode is None:
mode = 0666

#
# Remove newline chars from name
#
name = name.replace('\n','\\n')
name = name.replace('\r','\\r')

#
# Write the data
#
Expand Down
Loading

0 comments on commit b000848

Please sign in to comment.