Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:dirkmueller:acdc:sp5-rebuild
python-aiohttp.31991
CVE-2021-21330.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2021-21330.patch of Package python-aiohttp.31991
diff -Nru aiohttp-3.5.4.orig/aiohttp/http_parser.py aiohttp-3.5.4/aiohttp/http_parser.py --- aiohttp-3.5.4.orig/aiohttp/http_parser.py 2019-01-12 11:13:41.000000000 +0100 +++ aiohttp-3.5.4/aiohttp/http_parser.py 2022-05-04 12:41:04.477998722 +0200 @@ -432,6 +432,9 @@ str(self.max_line_size), str(len(path))) + path_part, _hash_separator, url_fragment = path.partition("#") + path_part, _question_mark_separator, qs_part = path_part.partition("?") + # method if not METHRE.match(method): raise BadStatusLine(method) @@ -457,9 +460,26 @@ close = False return RawRequestMessage( - method, path, version_o, headers, raw_headers, - close, compression, upgrade, chunked, URL(path)) - + method, + path, + version_o, + headers, + raw_headers, + close, + compression, + upgrade, + chunked, + # NOTE: `yarl.URL.build()` is used to mimic what the Cython-based + # NOTE: parser does, otherwise it results into the same + # NOTE: HTTP Request-Line input producing different + # NOTE: `yarl.URL()` objects + URL.build( + path=path_part, + query_string=qs_part, + fragment=url_fragment, + encoded=True, + ), + ) class HttpResponseParser(HttpParser): """Read response status line and headers. diff -Nru aiohttp-3.5.4.orig/tests/test_http_parser.py aiohttp-3.5.4/tests/test_http_parser.py --- aiohttp-3.5.4.orig/tests/test_http_parser.py 2019-01-12 11:13:41.000000000 +0100 +++ aiohttp-3.5.4/tests/test_http_parser.py 2022-05-04 12:36:25.681823873 +0200 @@ -535,6 +535,7 @@ assert msg.method == 'GET' assert msg.path == '//path' + assert msg.url.path == "//path" assert msg.version == (1, 1) assert not msg.should_close assert msg.compression is None
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor