File _service:tar_scm:fix-CVE-2023-24329.patch of Package python3
From 1bad5b2ebc2f3cb663ce425b9979b4ec4dce27b2 Mon Sep 17 00:00:00 2001 From: shixuantong <shixuantong1@huawei.com> Date: Thu, 6 Apr 2023 03:30:44 +0000 Subject: [PATCH] fix CVE-2023-24329 --- Lib/test/test_urlparse.py | 7 +++++++ Lib/urllib/parse.py | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py index f42ed9b..b310017 100644 --- a/Lib/test/test_urlparse.py +++ b/Lib/test/test_urlparse.py @@ -683,6 +683,13 @@ class UrlParseTestCase(unittest.TestCase): else: self.assertEqual(p.scheme, "") + def test_attributes_bad_scheme_CVE_2023_24329(self): + """Check handling of invalid schemes that starts with blank characters.""" + for parse in (urllib.parse.urlsplit, urllib.parse.urlparse): + url = " https://www.example.net" + p = parse(url) + self.assertEqual(p.scheme, "https") + def test_attributes_without_netloc(self): # This example is straight from RFC 3261. It looks like it # should allow the username, hostname, and port to be filled diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py index bd59852..7eb3ad8 100644 --- a/Lib/urllib/parse.py +++ b/Lib/urllib/parse.py @@ -454,7 +454,7 @@ def urlsplit(url, scheme='', allow_fragments=True): Note that % escapes are not expanded. """ - + url = url.lstrip() url, scheme, _coerce_result = _coerce_args(url, scheme) for b in _UNSAFE_URL_BYTES_TO_REMOVE: -- 2.33.0
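Review bot: test_attributes_bad_scheme_CVE_2023_24329 in Lib/test/test_urlparse.py exercises only one input, a single leading space in front of https://www.example.net, although its docstring speaks of blank characters in general. Iterating over several prefixes (tab, newline, multiple spaces) and a bytes URL, each under self.subTest, would pin down what urlsplit and urlparse are expected to strip; asserting p.netloc as well as p.scheme would confirm that the host is parsed too. The docstring should read "schemes that start with", and since the scheme in the test URL is valid, "URLs that start with blank characters" describes the case more accurately.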
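Review bot: in the urlsplit() hunk of Lib/urllib/parse.py, url.lstrip() is called with no argument and before _coerce_args(url, scheme), so it removes leading whitespace only and runs on the caller's raw argument. Leading non-whitespace control characters such as NUL are left in place, the scheme argument is not stripped, and any url value without an lstrip method now fails on this line with AttributeError instead of reaching the coercion step. Consider stripping after _coerce_args with an explicit character set, and note the new behaviour in the urlsplit docstring, which the hunk leaves unchanged. The added line also replaces the blank line that followed the closing docstring quotes; keep that blank line.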