From 4f0b14a2f9cef94cb54cbec1c639ca4a1f329cc1 Mon Sep 17 00:00:00 2001
From: Honza Horak <hhorak@redhat.com>
Date: Mon, 15 May 2023 21:44:37 +0200
Subject: [PATCH] Replace whole repo with latest content from branch
 stream-3.8-rhel-8.8.0

Content corresponds with RHEL dist-git commit 453d79b
---
 .gitignore                 |   5 +-
 00382-cve-2015-20107.patch | 150 -------------------------------------
 2 files changed, 3 insertions(+), 152 deletions(-)
 delete mode 100644 00382-cve-2015-20107.patch

diff --git a/.gitignore b/.gitignore
index 733341b..1107137 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
-SOURCES/Python-3.8.16-noexe.tar.xz
-/Python-3.8.16-noexe.tar.xz
+/*.tar.*
+/*.src.rpm
+/results_python3*
diff --git a/00382-cve-2015-20107.patch b/00382-cve-2015-20107.patch
deleted file mode 100644
index 84fda78..0000000
--- a/00382-cve-2015-20107.patch
+++ /dev/null
@@ -1,150 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: Petr Viktorin <encukou@gmail.com>
-Date: Fri, 3 Jun 2022 11:43:35 +0200
-Subject: [PATCH] 00382: CVE-2015-20107
-
-Make mailcap refuse to match unsafe filenames/types/params (GH-91993)
-
-Upstream: https://github.com/python/cpython/issues/68966
-
-Tracker bug: https://bugzilla.redhat.com/show_bug.cgi?id=2075390
----
- Doc/library/mailcap.rst                       | 12 +++++++++
- Lib/mailcap.py                                | 26 +++++++++++++++++--
- Lib/test/test_mailcap.py                      |  8 ++++--
- ...2-04-27-18-25-30.gh-issue-68966.gjS8zs.rst |  4 +++
- 4 files changed, 46 insertions(+), 4 deletions(-)
- create mode 100644 Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst
-
-diff --git a/Doc/library/mailcap.rst b/Doc/library/mailcap.rst
-index bf9639bdac..a75857be62 100644
---- a/Doc/library/mailcap.rst
-+++ b/Doc/library/mailcap.rst
-@@ -54,6 +54,18 @@ standard.  However, mailcap files are supported on most Unix systems.
-    use) to determine whether or not the mailcap line applies.  :func:`findmatch`
-    will automatically check such conditions and skip the entry if the check fails.
- 
-+   .. versionchanged:: 3.11
-+
-+      To prevent security issues with shell metacharacters (symbols that have
-+      special effects in a shell command line), ``findmatch`` will refuse
-+      to inject ASCII characters other than alphanumerics and ``@+=:,./-_``
-+      into the returned command line.
-+
-+      If a disallowed character appears in *filename*, ``findmatch`` will always
-+      return ``(None, None)`` as if no entry was found.
-+      If such a character appears elsewhere (a value in *plist* or in *MIMEtype*),
-+      ``findmatch`` will ignore all mailcap entries which use that value.
-+      A :mod:`warning <warnings>` will be raised in either case.
- 
- .. function:: getcaps()
- 
-diff --git a/Lib/mailcap.py b/Lib/mailcap.py
-index bd0fc0981c..dcd4b449e8 100644
---- a/Lib/mailcap.py
-+++ b/Lib/mailcap.py
-@@ -2,6 +2,7 @@
- 
- import os
- import warnings
-+import re
- 
- __all__ = ["getcaps","findmatch"]
- 
-@@ -13,6 +14,11 @@ def lineno_sort_key(entry):
-     else:
-         return 1, 0
- 
-+_find_unsafe = re.compile(r'[^\xa1-\U0010FFFF\w@+=:,./-]').search
-+
-+class UnsafeMailcapInput(Warning):
-+    """Warning raised when refusing unsafe input"""
-+
- 
- # Part 1: top-level interface.
- 
-@@ -165,15 +171,22 @@ def findmatch(caps, MIMEtype, key='view', filename="/dev/null", plist=[]):
-     entry to use.
- 
-     """
-+    if _find_unsafe(filename):
-+        msg = "Refusing to use mailcap with filename %r. Use a safe temporary filename." % (filename,)
-+        warnings.warn(msg, UnsafeMailcapInput)
-+        return None, None
-     entries = lookup(caps, MIMEtype, key)
-     # XXX This code should somehow check for the needsterminal flag.
-     for e in entries:
-         if 'test' in e:
-             test = subst(e['test'], filename, plist)
-+            if test is None:
-+                continue
-             if test and os.system(test) != 0:
-                 continue
-         command = subst(e[key], MIMEtype, filename, plist)
--        return command, e
-+        if command is not None:
-+            return command, e
-     return None, None
- 
- def lookup(caps, MIMEtype, key=None):
-@@ -206,6 +219,10 @@ def subst(field, MIMEtype, filename, plist=[]):
-             elif c == 's':
-                 res = res + filename
-             elif c == 't':
-+                if _find_unsafe(MIMEtype):
-+                    msg = "Refusing to substitute MIME type %r into a shell command." % (MIMEtype,)
-+                    warnings.warn(msg, UnsafeMailcapInput)
-+                    return None
-                 res = res + MIMEtype
-             elif c == '{':
-                 start = i
-@@ -213,7 +230,12 @@ def subst(field, MIMEtype, filename, plist=[]):
-                     i = i+1
-                 name = field[start:i]
-                 i = i+1
--                res = res + findparam(name, plist)
-+                param = findparam(name, plist)
-+                if _find_unsafe(param):
-+                    msg = "Refusing to substitute parameter %r (%s) into a shell command" % (param, name)
-+                    warnings.warn(msg, UnsafeMailcapInput)
-+                    return None
-+                res = res + param
-             # XXX To do:
-             # %n == number of parts if type is multipart/*
-             # %F == list of alternating type and filename for parts
-diff --git a/Lib/test/test_mailcap.py b/Lib/test/test_mailcap.py
-index c08423c670..920283d9a2 100644
---- a/Lib/test/test_mailcap.py
-+++ b/Lib/test/test_mailcap.py
-@@ -121,7 +121,8 @@ class HelperFunctionTest(unittest.TestCase):
-             (["", "audio/*", "foo.txt"], ""),
-             (["echo foo", "audio/*", "foo.txt"], "echo foo"),
-             (["echo %s", "audio/*", "foo.txt"], "echo foo.txt"),
--            (["echo %t", "audio/*", "foo.txt"], "echo audio/*"),
-+            (["echo %t", "audio/*", "foo.txt"], None),
-+            (["echo %t", "audio/wav", "foo.txt"], "echo audio/wav"),
-             (["echo \\%t", "audio/*", "foo.txt"], "echo %t"),
-             (["echo foo", "audio/*", "foo.txt", plist], "echo foo"),
-             (["echo %{total}", "audio/*", "foo.txt", plist], "echo 3")
-@@ -205,7 +206,10 @@ class FindmatchTest(unittest.TestCase):
-              ('"An audio fragment"', audio_basic_entry)),
-             ([c, "audio/*"],
-              {"filename": fname},
--             ("/usr/local/bin/showaudio audio/*", audio_entry)),
-+             (None, None)),
-+            ([c, "audio/wav"],
-+             {"filename": fname},
-+             ("/usr/local/bin/showaudio audio/wav", audio_entry)),
-             ([c, "message/external-body"],
-              {"plist": plist},
-              ("showexternal /dev/null default john python.org     /tmp foo bar", message_entry))
-diff --git a/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst b/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst
-new file mode 100644
-index 0000000000..da81a1f699
---- /dev/null
-+++ b/Misc/NEWS.d/next/Security/2022-04-27-18-25-30.gh-issue-68966.gjS8zs.rst
-@@ -0,0 +1,4 @@
-+The deprecated mailcap module now refuses to inject unsafe text (filenames,
-+MIME types, parameters) into shell commands. Instead of using such text, it
-+will warn and act as if a match was not found (or for test commands, as if
-+the test failed).