Matej Cepl
9ffbba32c9
- Fix multiplying a list by an integer (list *= int): detect
the integer overflow when the new allocated length is close
to the maximum size.
- Fix a shell code injection vulnerability in the
get-remote-certificate.py example script. The script no
longer uses a shell to run openssl commands. (originally
filed as CVE-2022-37460, later withdrawn)
- Fix command line parsing: reject -X int_max_str_digits option
with no value (invalid) when the PYTHONINTMAXSTRDIGITS
environment variable is set to a valid limit.
- When ValueError is raised if an integer is larger than the
limit, mention the sys.set_int_max_str_digits() function in
the error message.
- The deprecated mailcap module now refuses to inject unsafe
text (filenames, MIME types, parameters) into shell
commands. Instead of using such text, it will warn and act
as if a match was not found (or for test commands, as if the
test failed).
- os.sched_yield() now release the GIL while calling
sched_yield(2).
- Bugfix: PyFunction_GetAnnotations() should return a borrowed
reference. It was returning a new reference.
- Fixed a missing incref/decref pair in
Exception.__setstate__().
- Fix overly-broad source position information for chained
comparisons used as branching conditions.
- Fix undefined behaviour in _testcapimodule.c.
- At Python exit, sometimes a thread holding the GIL can
wait forever for a thread (usually a daemon thread) which
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=61
55 lines
2.3 KiB
Diff
55 lines
2.3 KiB
Diff
From c3e7f139b440d7424986204e9f3fc2275aea3377 Mon Sep 17 00:00:00 2001
|
|
From: Petr Viktorin <encukou@gmail.com>
|
|
Date: Wed, 27 Apr 2022 18:17:33 +0200
|
|
Subject: [PATCH 1/4] gh-68966: Make mailcap refuse to match unsafe
|
|
filenames/types/params
|
|
|
|
---
|
|
Doc/library/mailcap.rst | 12 ++++++++++
|
|
Lib/mailcap.py | 5 ++++
|
|
Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst | 4 +++
|
|
3 files changed, 21 insertions(+)
|
|
|
|
--- a/Doc/library/mailcap.rst
|
|
+++ b/Doc/library/mailcap.rst
|
|
@@ -27,6 +27,18 @@ The mailcap format is documented in :rfc
|
|
Mechanism For Multimedia Mail Format Information", but is not an internet
|
|
standard. However, mailcap files are supported on most Unix systems.
|
|
|
|
+ .. versionchanged:: 3.11
|
|
+
|
|
+ To prevent security issues with shell metacharacters (symbols that have
|
|
+ special effects in a shell command line), ``findmatch`` will refuse
|
|
+ to inject ASCII characters other than alphanumerics and ``@+=:,./-_``
|
|
+ into the returned command line.
|
|
+
|
|
+ If a disallowed character appears in *filename*, ``findmatch`` will always
|
|
+ return ``(None, None)`` as if no entry was found.
|
|
+ If such a character appears elsewhere (a value in *plist* or in *MIMEtype*),
|
|
+ ``findmatch`` will ignore all mailcap entries which use that value.
|
|
+ A :mod:`warning <warnings>` will be raised in either case.
|
|
|
|
.. function:: findmatch(caps, MIMEtype, key='view', filename='/dev/null', plist=[])
|
|
|
|
--- a/Lib/mailcap.py
|
|
+++ b/Lib/mailcap.py
|
|
@@ -19,6 +19,11 @@ _find_unsafe = re.compile(r'[^\xa1-\U001
|
|
class UnsafeMailcapInput(Warning):
|
|
"""Warning raised when refusing unsafe input"""
|
|
|
|
+_find_unsafe = re.compile(r'[^\xa1-\U0010FFFF\w@+=:,./-]').search
|
|
+
|
|
+class UnsafeMailcapInput(Warning):
|
|
+ """Warning raised when refusing unsafe input"""
|
|
+
|
|
|
|
# Part 1: top-level interface.
|
|
|
|
--- /dev/null
|
|
+++ b/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst
|
|
@@ -0,0 +1,4 @@
|
|
+The deprecated mailcap module now refuses to inject unsafe text (filenames,
|
|
+MIME types, parameters) into shell commands. Instead of using such text, it
|
|
+will warn and act as if a match was not found (or for test commands, as if
|
|
+the test failed).
|