I fixed is as follows:
root@woody:/usr/lib/python3.4/http# diff -c3 client.py.orig client.py
*** client.py.orig 2019-06-21 03:20:41.000000000 +0200
--- client.py 2019-06-25 09:12:35.000000000 +0200
***************
*** 1011,1018 ****
# Prevent CVE-2019-9740.
match = _contains_disallowed_url_pchar_re.search(url)
if match:
! raise InvalidURL(f"URL can't contain control characters. {url!r} "
! f"(found at least {match.group()!r})")
request = '%s %s %s' % (method, url, self._http_vsn_str)
# Non-ASCII characters should have been eliminated earlier
--- 1011,1018 ----
# Prevent CVE-2019-9740.
match = _contains_disallowed_url_pchar_re.search(url)
if match:
! raise InvalidURL("URL can't contain control characters. {!r}
".format(url) +
! "(found at least {!r})".format(match.group()))
request = '%s %s %s' % (method, url, self._http_vsn_str)
# Non-ASCII characters should have been eliminated earlier
Cheers -- Peppo
On Tue, 25 Jun 2019 11:09:28 +0200 jens persson <[email protected]> wrote:
> A quick workaround to get our old environments to work was to remove the
> f:s on line 1014 and 1015 in /usr/lib/python3.4/http/client.py as:
> raise InvalidURL("URL can't contain control characters. {url!r}
> "
> "(found at least {match.group()!r})")
>
> This will give bad error messages but allow things to work.
>
> /jp
>
> --
> jens persson
> <[email protected]>
> Mäster Olofsväg 24
> S-224 66 LUND;SWEDEN
--
Peppo Brambilla
Universitaet Bern, Institut fuer Informatik
Neubrueckstr. 10, CH-3012 Bern
Tel +41 31 631 3310
