[3.7] bpo-35755: shutil.which() uses os.confstr("CS_PATH") (GH-12862)
* bpo-35755: shutil.which() uses os.confstr("CS_PATH") (GH-12858)
shutil.which() and distutils.spawn.find_executable() now use
os.confstr("CS_PATH") if available instead of os.defpath, if the PATH
environment variable is not set.
Don't use os.confstr("CS_PATH") nor os.defpath if the PATH
environment variable is set to an empty string.
Changes:
* find_executable() now starts by checking for the executable in the
current working directly case. Add an explicit
"if not path: return None".
* Add tests for PATH='' (empty string), PATH=':' and for PATHEXT.
(cherry picked from commit 228a3c99bdb2d02771bead66a0beabafad3a90d3)
* bpo-35755: Remove current directory from posixpath.defpath (GH-11586)
Document the change in a NEWS entry of the Security category.
(cherry picked from commit 2c4c02f8a876fcf084575dcaf857a0236c81261a)diff --git a/Lib/posixpath.py b/Lib/posixpath.py
index ca578a5..785aa72 100644
--- a/Lib/posixpath.py
+++ b/Lib/posixpath.py
@@ -18,7 +18,7 @@
extsep = '.'
sep = '/'
pathsep = ':'
-defpath = ':/bin:/usr/bin'
+defpath = '/bin:/usr/bin'
altsep = None
devnull = '/dev/null'