diff options
Diffstat (limited to 'dev-python/botocore/files/botocore-1.20.64-bpo43882.patch')
-rw-r--r-- | dev-python/botocore/files/botocore-1.20.64-bpo43882.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/dev-python/botocore/files/botocore-1.20.64-bpo43882.patch b/dev-python/botocore/files/botocore-1.20.64-bpo43882.patch new file mode 100644 index 000000000000..5f2e652f5baf --- /dev/null +++ b/dev-python/botocore/files/botocore-1.20.64-bpo43882.patch @@ -0,0 +1,35 @@ +From 9a25a6e9ace15d5f6136a2e9dd77324bae119f46 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org> +Date: Tue, 4 May 2021 13:15:54 +0200 +Subject: [PATCH] Reject endpoint URLs containing LF, CR or HT to workaround + bpo43882 fix + +--- + botocore/utils.py | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/botocore/utils.py b/botocore/utils.py +index 378972248..b154469bc 100644 +--- a/botocore/utils.py ++++ b/botocore/utils.py +@@ -977,6 +977,8 @@ class ArgumentGenerator(object): + + + def is_valid_ipv6_endpoint_url(endpoint_url): ++ if '\n' in endpoint_url or '\r' in endpoint_url or '\t' in endpoint_url: ++ return False + netloc = urlparse(endpoint_url).netloc + return IPV6_ADDRZ_RE.match(netloc) is not None + +@@ -990,6 +992,8 @@ def is_valid_endpoint_url(endpoint_url): + :return: True if the endpoint url is valid. False otherwise. + + """ ++ if '\n' in endpoint_url or '\r' in endpoint_url or '\t' in endpoint_url: ++ return False + parts = urlsplit(endpoint_url) + hostname = parts.hostname + if hostname is None: +-- +2.31.1 + |