Applying patch
[#636769] Fix for major rexec bugs
* Lib/rexec.py
(FileBase): Added 'xreadlines' and '__iter__' to allowed file methods.
(FileWrapper.__init__): Removed unnecessary self.f variable, which gave
direct access to the file object.
(RExec): Added 'xreadlines' and '_weakref' to allowed modules.
(RExec.r_open): Convert string subclasses to a real string classes
before doing comparisons with mode parameter.
* Lib/ihooks.py
(BasicModuleImporter.import_module/reload/unload): Convert the module
name to a real string before working with it.
(ModuleImporter.import_module/import_it/reload): Convert the module
name to a real strings before working with it.
* Misc/NEWS
Document the change.
diff --git a/Misc/NEWS b/Misc/NEWS
index 7eb828f..12df9ec 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -667,6 +667,9 @@
unix environment even if DISPLAY was not set. Also, support for
skipstone browser was included.
+- Fixed bug #636769: rexec would run unallowed code if subclasses of
+ strings were used as parameters for certain functions.
+
Tools/Demos
-----------