head 1.1; access; symbols pkgsrc-2026Q1:1.1.0.30 pkgsrc-2026Q1-base:1.1 pkgsrc-2025Q4:1.1.0.28 pkgsrc-2025Q4-base:1.1 pkgsrc-2025Q3:1.1.0.26 pkgsrc-2025Q3-base:1.1 pkgsrc-2025Q2:1.1.0.24 pkgsrc-2025Q2-base:1.1 pkgsrc-2025Q1:1.1.0.22 pkgsrc-2025Q1-base:1.1 pkgsrc-2024Q4:1.1.0.20 pkgsrc-2024Q4-base:1.1 pkgsrc-2024Q3:1.1.0.18 pkgsrc-2024Q3-base:1.1 pkgsrc-2024Q2:1.1.0.16 pkgsrc-2024Q2-base:1.1 pkgsrc-2024Q1:1.1.0.14 pkgsrc-2024Q1-base:1.1 pkgsrc-2023Q4:1.1.0.12 pkgsrc-2023Q4-base:1.1 pkgsrc-2023Q3:1.1.0.10 pkgsrc-2023Q3-base:1.1 pkgsrc-2023Q2:1.1.0.8 pkgsrc-2023Q2-base:1.1 pkgsrc-2023Q1:1.1.0.6 pkgsrc-2023Q1-base:1.1 pkgsrc-2022Q4:1.1.0.4 pkgsrc-2022Q4-base:1.1 pkgsrc-2022Q3:1.1.0.2 pkgsrc-2022Q3-base:1.1; locks; strict; comment @# @; 1.1 date 2022.08.11.01.32.50; author gutteridge; state Exp; branches; next ; commitid K8Vx6YenHM77SoPD; desc @@ 1.1 log @python27: add backported security patching Fix CVE-2015-20107: Make mailcap refuse to match unsafe filenames/types/params Via Fedora: https://src.fedoraproject.org/rpms/python2.7/raw/a9b12e85bd4d3280e07bc3bfa72a9f2b674cb4ff/f/00382-cve-2015-20107.patch @ text @$NetBSD$ Fix CVE-2015-20107: Make mailcap refuse to match unsafe filenames/types/params Via Fedora: https://src.fedoraproject.org/rpms/python2.7/raw/a9b12e85bd4d3280e07bc3bfa72a9f2b674cb4ff/f/00382-cve-2015-20107.patch --- Doc/library/mailcap.rst.orig 2020-04-19 21:13:39.000000000 +0000 +++ Doc/library/mailcap.rst @@@@ -54,6 +54,18 @@@@ standard. However, mailcap files are su use) to determine whether or not the mailcap line applies. :func:`findmatch` will automatically check such conditions and skip the entry if the check fails. + .. versionchanged:: 3.11 + + To prevent security issues with shell metacharacters (symbols that have + special effects in a shell command line), ``findmatch`` will refuse + to inject ASCII characters other than alphanumerics and ``@@+=:,./-_`` + into the returned command line. 
+ + If a disallowed character appears in *filename*, ``findmatch`` will always + return ``(None, None)`` as if no entry was found. + If such a character appears elsewhere (a value in *plist* or in *MIMEtype*), + ``findmatch`` will ignore all mailcap entries which use that value. + A :mod:`warning ` will be raised in either case. .. function:: getcaps() @
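Review bot: the added ``.. versionchanged:: 3.11`` directive in the Doc/library/mailcap.rst hunk is carried over unchanged into a python27 patch, so the 2.7 documentation will state that the ``findmatch`` behaviour changed in 3.11. Reword it for the backport, for example as a plain note that the check was backported to fix CVE-2015-20107. In the last added line the role reads ``:mod:`warning ``` with no target module as it appears here; it should point at the warnings module so the cross-reference resolves. When reading the allowed-character list, remember that this RCS file doubles every ``@``, so the documented set contains a single ``@`` followed by ``+=:,./-_``.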