Sync from SUSE:ALP:Source:Standard:1.0 saltbundlepy-docker revision 73fc5d8f966f2f90ec115d2b4376fb73

2024-11-15 12:52:54 +01:00 · 2024-11-15 12:52:54 +01:00 · 3d4f8cf48b
commit 3d4f8cf48b
parent 08df1bd934
5 changed files with 231 additions and 24 deletions
--- a/4.2.0.tar.gz
+++ b/4.2.0.tar.gz
--- a/CVE-2024-35195.patch
+++ b/CVE-2024-35195.patch
@ -0,0 +1,25 @@
+From e33e0a437ecd895158c8cb4322a0cdad79312636 Mon Sep 17 00:00:00 2001
+From: Felix Fontein <felix@fontein.de>
+Date: Mon, 20 May 2024 21:13:41 +0200
+Subject: [PATCH] Hotfix for requests 2.32.0.
+
+Signed-off-by: Felix Fontein <felix@fontein.de>
+---
+ docker/transport/basehttpadapter.py | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/docker/transport/basehttpadapter.py b/docker/transport/basehttpadapter.py
+index dfbb193b9..281897a27 100644
+--- a/docker/transport/basehttpadapter.py
+++ b/docker/transport/basehttpadapter.py
+@@ -6,3 +6,10 @@ def close(self):
+         super().close()
+         if hasattr(self, 'pools'):
+             self.pools.clear()
+
+    # Hotfix for requests 2.32.0: its commit
+    # https://github.com/psf/requests/commit/c0813a2d910ea6b4f8438b91d315b8d181302356
+    # changes requests.adapters.HTTPAdapter to no longer call get_connection() from
+    # send(), but instead call _get_connection().
+    def _get_connection(self, request, *args, proxies=None, **kwargs):
+        return self.get_connection(request.url, proxies)
--- a/docker-7.0.0.tar.gz
+++ b/docker-7.0.0.tar.gz
--- a/saltbundlepy-docker.changes
+++ b/saltbundlepy-docker.changes
@ -1,3 +1,188 @@
+-------------------------------------------------------------------
+Fri Aug 23 14:08:56 UTC 2024 - Victor Zhestkov <vzhestkov@suse.com>
+
+- Add CVE-2024-35195.patch (bsc#1224788)
+  * fix failure with updated python-requests
+
+- Update to 7.0.0:
+  * Removed SSL version (`ssl_version`) and explicit hostname
+    check (`assert_hostname`) options (#3185)
+  * Python 3.7+ supports TLSv1.3 by default
+  * Websocket support is no longer included by default (#3123)
+  * Use `pip install docker[websockets]` to include `websocket-
+    client` dependency
+  * By default, `docker-py` hijacks the TCP connection and does
+    not use Websockets
+  * Websocket client is only required to use
+    `attach_socket(container, ws=True)`
+  * Python 3.7 no longer supported (reached end-of-life June
+    2023) (#3187)
+  * Python 3.12 support (#3185)
+  * Full `networking_config` support for `containers.create()`
+  * Replaces `network_driver_opt` (added in 6.1.0)
+  * Add `health()` property to container that returns status
+    (e.g. `unhealthy`)
+  * Add `pause` option to `container.commit()` (#3159)
+  * Add support for bind mount propagation (e.g. `rshared`,
+    `private`)
+  * Add support for `filters`, `keep_storage`, and `all` in
+    `prune_builds()` on API v1.39+ (#3192)
+  * Consistently return `docker.errors.NotFound` on 404 responses
+  * Validate tag format before push (#3191)
+
+- Update to 6.1.3:
+  * Bugfixes
+    Fix eventlet compatibility (#3132)
+
+- Update to 6.1.2:
+  * Bugfixes
+    Fix for socket timeouts on long docker exec calls (#3125)
+    Respect timeout param on Windows (#3112)
+
+- Update to 6.1.1:
+  * Upgrade Notes (6.1.x)
+    Errors are no longer returned during client initialization if
+    the credential helper cannot be found. A warning will be
+    emitted instead, and an error is returned if the credential
+    helper is used.
+  * Bugfixes
+    Fix containers.stats() hanging with stream=True
+    Correct return type in docs for containers.diff() method
+
+- Update to 6.1.0:
+  * Upgrade Notes
+    Errors are no longer returned during client initialization if
+    the credential helper cannot be found. A warning will be
+    emitted instead, and an error is returned if the credential
+    helper is used.
+  * Features
+    Python 3.11 support
+    Use poll() instead of select() on non-Windows platforms
+    New API fields
+     network_driver_opt on container run / create
+     one-shot on container stats
+     status on services list
+  * Bugfixes
+    Support for requests 2.29.0+ and urllib3 2.x
+    Do not strip characters from volume names
+    Fix connection leak on container.exec_* operations
+    Fix errors closing named pipes on Windows
+
+- Update to 6.0.1:
+  * Notice
+    This version is not compatible with requests 2.29+ or urllib3
+    2.x.
+    Either add requests < 2.29 and urllib3 < 2 to your requirements
+    or upgrade to to the latest docker-py release.
+  * Bugfixes
+    Fix for The pipe has been ended errors on Windows (#3056)
+    Support floats for timestamps in Docker logs (since / until)
+    (#3031)
+
+- Update to 6.0.0:
+  * Upgrade Notes
+    Minimum supported Python version is 3.7+
+    When installing with pip, the docker[tls] extra is deprecated
+    and a no-op, use docker for same functionality (TLS support
+    is always available now)
+    Native Python SSH client (used by default /
+    use_ssh_client=False) will now
+    reject unknown host keys with
+    paramiko.ssh_exception.SSHException
+    Short IDs are now 12 characters instead of 10 characters
+    (same as Docker CLI)
+    Version metadata is now exposed as __version__
+  * Features
+    Python 3.10 support
+    Automatically negotiate most secure TLS version
+    Add platform (e.g. linux/amd64, darwin/arm64) to container
+     create & run
+     Add support for GlobalJob and ReplicatedJobs for Swarm
+    Add remove() method on Image
+    Add force param to disable() on Plugin
+  * Bugfixes
+    Fix install issues on Windows related to pywin32
+    Do not accept unknown SSH host keys in native Python SSH mode
+    Use 12 character short IDs for consistency with Docker CLI
+    Ignore trailing whitespace in .dockerignore files
+    Fix IPv6 host parsing when explicit port specified
+    Fix ProxyCommand option for SSH connections
+    Do not spawn extra subshell when launching external SSH
+    client
+    Improve exception semantics to preserve context
+    Documentation improvements (formatting, examples, typos,
+    missing params)
+  * Miscellaneous
+    Upgrade dependencies in requirements.txt to latest versions
+    Remove extraneous transitive dependencies
+    Eliminate usages of deprecated functions/methods
+    Test suite reliability improvements
+    GitHub Actions workflows for linting, unit tests, integration
+    tests, and publishing releases
+
+- `six` is not required as well
+
+- `mock` actually not required for build
+
+- Update to 5.0.3:
+  * Add cap_add and cap_drop parameters to service create and ContainerSpec
+  * Add templating parameter to config create
+  * Bump urllib3 to 1.26.5
+  * Bump requests to 2.26.0
+  * Remove support for Python 2.7
+  * Make Python 3.6 the minimum version supported
+
+- Update to 4.4.4:
+  * Bugfixes
+    Remove LD_LIBRARY_PATH and SSL_CERT_FILE environment variables
+    when shelling out to the ssh client
+
+- Update to 4.4.3:
+  * Features
+    Add support for docker.types.Placement.MaxReplicas
+  * Bugfixes
+    Fix SSH port parsing when shelling out to the ssh client
+
+- Update to 4.4.2:
+  * Bugfixes
+    Fix SSH connection bug where the hostname was incorrectly trimmed
+    and the error was hidden
+    Fix docs example
+  * Miscellaneous
+    Add Python3.8 and 3.9 in setup.py classifier list
+
+- Update to 4.4.1:
+  * Bugfixes
+    Avoid setting unsuported parameter for subprocess.Popen on Windows
+    Replace use of deprecated "filter" argument on ""docker/api/image"
+
+- Update to 4.4.0:
+  * Add an alternative SSH connection to the paramiko one, based on
+    shelling out to the SSh client. Similar to the behaviour of Docker cli
+  * Default image tag to `latest` on `pull`
+  * Fix plugin model upgrade
+  * Fix examples URL in ulimits
+  * Improve exception messages for server and client errors
+  * Bump cryptography from 2.3 to 3.2
+  * Set default API version to `auto`
+  * Fix conversion to bytes for `float`
+  * Support OpenSSH `identityfile` option
+  * Add `DeviceRequest` type to expose host resources such as GPUs
+  * Add support for `DriverOpts` in EndpointConfig
+  * Disable compression by default when using container.get_archive method
+  * Update default API version to v1.39
+  * Update test engine version to 19.03.12
+
+- Update to 4.2.2:
+  * Fix context load for non-docker endpoints
+
+- Update to 4.2.1:
+  * Add option on when to use `tls` on Context constructor
+  * Make context orchestrator field optional
+
+- Added:
+  * CVE-2024-35195.patch
+
 -------------------------------------------------------------------
 Mon Apr  4 11:23:36 UTC 2022 - Victor Zhestkov <victor.zhestkov@suse.com>

--- a/saltbundlepy-docker.spec
+++ b/saltbundlepy-docker.spec
@ -1,7 +1,7 @@
 #
 # spec file for package saltbundlepy-docker
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -19,47 +19,46 @@
 %{?!saltbundlepy_module:%define saltbundlepy_module() saltbundlepy-%{**}}
 %define pythons saltbundlepy

-# Disable python bytecompile for all distros
-# It's called explicitly in the spec
-%global __brp_python_bytecompile %{nil}
-
 Name:           saltbundlepy-docker
-Version:        4.2.0
+Version:        7.0.0
 Release:        0
-Summary:        Docker API Client
+Summary:        A Python library for the Docker Engine API
 License:        Apache-2.0
 Group:          System/Management
 URL:            https://github.com/docker/docker-py
-Source0:        https://github.com/docker/docker-py/archive/%{version}.tar.gz
-BuildRequires:  %{saltbundlepy_module base >= 3.10}
+Source:         https://files.pythonhosted.org/packages/source/d/docker/docker-%{version}.tar.gz
+# PATCH-FIX-UPSTREAM picked from https://github.com/docker/docker-py/pull/3257 Fix for requests 2.32
+Patch:          CVE-2024-35195.patch
+BuildRequires:  %{saltbundlepy_module pip}
+BuildRequires:  %{saltbundlepy_module setuptools >= 45}
+BuildRequires:  %{saltbundlepy_module setuptools-scm >= 6.2}
+BuildRequires:  %{saltbundlepy_module wheel}
+BuildRequires:  %{saltbundlepy_module base >= 3.11}
 BuildRequires:  %{saltbundlepy_module docker-pycreds >= 0.4.0}
 BuildRequires:  %{saltbundlepy_module paramiko >= 2.4.2}
 BuildRequires:  %{saltbundlepy_module pytest}
 BuildRequires:  %{saltbundlepy_module requests >= 2.20.0}
-BuildRequires:  %{saltbundlepy_module setuptools}
-BuildRequires:  %{saltbundlepy_module six >= 1.10.0}
 BuildRequires:  %{saltbundlepy_module websocket-client >= 0.40.0}
 BuildRequires:  fdupes
 BuildRequires:  saltbundlepy-rpm-macros
 Requires:       saltbundlepy-docker-pycreds >= 0.4.0
 Requires:       saltbundlepy-paramiko >= 2.4.2
 Requires:       saltbundlepy-requests >= 2.20.0
-Requires:       saltbundlepy-six >= 1.10.0
 Requires:       saltbundlepy-websocket-client >= 0.40.0
 BuildArch:      noarch
 %python_subpackages

 %description
-A docker API client in Python
+A Python library for the Docker Engine API.

 %prep
-%setup -q -n docker-py-%{version}
+%autosetup -p1 -n docker-%{version}

 %build
-%python_build
+%pyproject_wheel

 %install
-%python_install
+%pyproject_install
 %python_expand %fdupes %{buildroot}%{$python_sitelib}

 %check
@ -70,11 +69,9 @@ A docker API client in Python
 %endif

 %files %{python_files}
-%license LICENSE
 %doc README.md
-%dir %{python_sitelib}/docker
-%dir %{python_sitelib}/docker-%{version}-*.egg-info
-%{python_sitelib}/docker/*
-%{python_sitelib}/docker*egg-info/*
+%license LICENSE
+%{python_sitelib}/docker
+%{python_sitelib}/docker-%{version}.dist-info

 %changelog