diff --git a/4.2.0.tar.gz b/4.2.0.tar.gz deleted file mode 100644 index 9a2aa24..0000000 --- a/4.2.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:38633209c69e5c70212821afefabebed298fcb0e1d86ff9bac18d76c6193c5c1 -size 234304 diff --git a/CVE-2024-35195.patch b/CVE-2024-35195.patch new file mode 100644 index 0000000..86873de --- /dev/null +++ b/CVE-2024-35195.patch @@ -0,0 +1,25 @@ +From e33e0a437ecd895158c8cb4322a0cdad79312636 Mon Sep 17 00:00:00 2001 +From: Felix Fontein +Date: Mon, 20 May 2024 21:13:41 +0200 +Subject: [PATCH] Hotfix for requests 2.32.0. + +Signed-off-by: Felix Fontein +--- + docker/transport/basehttpadapter.py | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/docker/transport/basehttpadapter.py b/docker/transport/basehttpadapter.py +index dfbb193b9..281897a27 100644 +--- a/docker/transport/basehttpadapter.py ++++ b/docker/transport/basehttpadapter.py +@@ -6,3 +6,10 @@ def close(self): + super().close() + if hasattr(self, 'pools'): + self.pools.clear() ++ ++ # Hotfix for requests 2.32.0: its commit ++ # https://github.com/psf/requests/commit/c0813a2d910ea6b4f8438b91d315b8d181302356 ++ # changes requests.adapters.HTTPAdapter to no longer call get_connection() from ++ # send(), but instead call _get_connection(). ++ def _get_connection(self, request, *args, proxies=None, **kwargs): ++ return self.get_connection(request.url, proxies) diff --git a/docker-7.0.0.tar.gz b/docker-7.0.0.tar.gz new file mode 100644 index 0000000..81314ac --- /dev/null +++ b/docker-7.0.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:323736fb92cd9418fc5e7133bc953e11a9da04f4483f828b527db553f1e7e5a3 +size 258536 diff --git a/saltbundlepy-docker.changes b/saltbundlepy-docker.changes index 96b055b..c13c388 100644 --- a/saltbundlepy-docker.changes +++ b/saltbundlepy-docker.changes @@ -1,3 +1,188 @@ +------------------------------------------------------------------- +Fri Aug 23 14:08:56 UTC 2024 - Victor Zhestkov + +- Add CVE-2024-35195.patch (bsc#1224788) + * fix failure with updated python-requests + +- Update to 7.0.0: + * Removed SSL version (`ssl_version`) and explicit hostname + check (`assert_hostname`) options (#3185) + * Python 3.7+ supports TLSv1.3 by default + * Websocket support is no longer included by default (#3123) + * Use `pip install docker[websockets]` to include `websocket- + client` dependency + * By default, `docker-py` hijacks the TCP connection and does + not use Websockets + * Websocket client is only required to use + `attach_socket(container, ws=True)` + * Python 3.7 no longer supported (reached end-of-life June + 2023) (#3187) + * Python 3.12 support (#3185) + * Full `networking_config` support for `containers.create()` + * Replaces `network_driver_opt` (added in 6.1.0) + * Add `health()` property to container that returns status + (e.g. `unhealthy`) + * Add `pause` option to `container.commit()` (#3159) + * Add support for bind mount propagation (e.g. `rshared`, + `private`) + * Add support for `filters`, `keep_storage`, and `all` in + `prune_builds()` on API v1.39+ (#3192) + * Consistently return `docker.errors.NotFound` on 404 responses + * Validate tag format before push (#3191) + +- Update to 6.1.3: + * Bugfixes + Fix eventlet compatibility (#3132) + +- Update to 6.1.2: + * Bugfixes + Fix for socket timeouts on long docker exec calls (#3125) + Respect timeout param on Windows (#3112) + +- Update to 6.1.1: + * Upgrade Notes (6.1.x) + Errors are no longer returned during client initialization if + the credential helper cannot be found. A warning will be + emitted instead, and an error is returned if the credential + helper is used. + * Bugfixes + Fix containers.stats() hanging with stream=True + Correct return type in docs for containers.diff() method + +- Update to 6.1.0: + * Upgrade Notes + Errors are no longer returned during client initialization if + the credential helper cannot be found. A warning will be + emitted instead, and an error is returned if the credential + helper is used. + * Features + Python 3.11 support + Use poll() instead of select() on non-Windows platforms + New API fields + network_driver_opt on container run / create + one-shot on container stats + status on services list + * Bugfixes + Support for requests 2.29.0+ and urllib3 2.x + Do not strip characters from volume names + Fix connection leak on container.exec_* operations + Fix errors closing named pipes on Windows + +- Update to 6.0.1: + * Notice + This version is not compatible with requests 2.29+ or urllib3 + 2.x. + Either add requests < 2.29 and urllib3 < 2 to your requirements + or upgrade to to the latest docker-py release. + * Bugfixes + Fix for The pipe has been ended errors on Windows (#3056) + Support floats for timestamps in Docker logs (since / until) + (#3031) + +- Update to 6.0.0: + * Upgrade Notes + Minimum supported Python version is 3.7+ + When installing with pip, the docker[tls] extra is deprecated + and a no-op, use docker for same functionality (TLS support + is always available now) + Native Python SSH client (used by default / + use_ssh_client=False) will now + reject unknown host keys with + paramiko.ssh_exception.SSHException + Short IDs are now 12 characters instead of 10 characters + (same as Docker CLI) + Version metadata is now exposed as __version__ + * Features + Python 3.10 support + Automatically negotiate most secure TLS version + Add platform (e.g. linux/amd64, darwin/arm64) to container + create & run + Add support for GlobalJob and ReplicatedJobs for Swarm + Add remove() method on Image + Add force param to disable() on Plugin + * Bugfixes + Fix install issues on Windows related to pywin32 + Do not accept unknown SSH host keys in native Python SSH mode + Use 12 character short IDs for consistency with Docker CLI + Ignore trailing whitespace in .dockerignore files + Fix IPv6 host parsing when explicit port specified + Fix ProxyCommand option for SSH connections + Do not spawn extra subshell when launching external SSH + client + Improve exception semantics to preserve context + Documentation improvements (formatting, examples, typos, + missing params) + * Miscellaneous + Upgrade dependencies in requirements.txt to latest versions + Remove extraneous transitive dependencies + Eliminate usages of deprecated functions/methods + Test suite reliability improvements + GitHub Actions workflows for linting, unit tests, integration + tests, and publishing releases + +- `six` is not required as well + +- `mock` actually not required for build + +- Update to 5.0.3: + * Add cap_add and cap_drop parameters to service create and ContainerSpec + * Add templating parameter to config create + * Bump urllib3 to 1.26.5 + * Bump requests to 2.26.0 + * Remove support for Python 2.7 + * Make Python 3.6 the minimum version supported + +- Update to 4.4.4: + * Bugfixes + Remove LD_LIBRARY_PATH and SSL_CERT_FILE environment variables + when shelling out to the ssh client + +- Update to 4.4.3: + * Features + Add support for docker.types.Placement.MaxReplicas + * Bugfixes + Fix SSH port parsing when shelling out to the ssh client + +- Update to 4.4.2: + * Bugfixes + Fix SSH connection bug where the hostname was incorrectly trimmed + and the error was hidden + Fix docs example + * Miscellaneous + Add Python3.8 and 3.9 in setup.py classifier list + +- Update to 4.4.1: + * Bugfixes + Avoid setting unsuported parameter for subprocess.Popen on Windows + Replace use of deprecated "filter" argument on ""docker/api/image" + +- Update to 4.4.0: + * Add an alternative SSH connection to the paramiko one, based on + shelling out to the SSh client. Similar to the behaviour of Docker cli + * Default image tag to `latest` on `pull` + * Fix plugin model upgrade + * Fix examples URL in ulimits + * Improve exception messages for server and client errors + * Bump cryptography from 2.3 to 3.2 + * Set default API version to `auto` + * Fix conversion to bytes for `float` + * Support OpenSSH `identityfile` option + * Add `DeviceRequest` type to expose host resources such as GPUs + * Add support for `DriverOpts` in EndpointConfig + * Disable compression by default when using container.get_archive method + * Update default API version to v1.39 + * Update test engine version to 19.03.12 + +- Update to 4.2.2: + * Fix context load for non-docker endpoints + +- Update to 4.2.1: + * Add option on when to use `tls` on Context constructor + * Make context orchestrator field optional + +- Added: + * CVE-2024-35195.patch + ------------------------------------------------------------------- Mon Apr 4 11:23:36 UTC 2022 - Victor Zhestkov diff --git a/saltbundlepy-docker.spec b/saltbundlepy-docker.spec index bf30c13..4cf619a 100644 --- a/saltbundlepy-docker.spec +++ b/saltbundlepy-docker.spec @@ -1,7 +1,7 @@ # # spec file for package saltbundlepy-docker # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,47 +19,46 @@ %{?!saltbundlepy_module:%define saltbundlepy_module() saltbundlepy-%{**}} %define pythons saltbundlepy -# Disable python bytecompile for all distros -# It's called explicitly in the spec -%global __brp_python_bytecompile %{nil} - Name: saltbundlepy-docker -Version: 4.2.0 +Version: 7.0.0 Release: 0 -Summary: Docker API Client +Summary: A Python library for the Docker Engine API License: Apache-2.0 Group: System/Management URL: https://github.com/docker/docker-py -Source0: https://github.com/docker/docker-py/archive/%{version}.tar.gz -BuildRequires: %{saltbundlepy_module base >= 3.10} +Source: https://files.pythonhosted.org/packages/source/d/docker/docker-%{version}.tar.gz +# PATCH-FIX-UPSTREAM picked from https://github.com/docker/docker-py/pull/3257 Fix for requests 2.32 +Patch: CVE-2024-35195.patch +BuildRequires: %{saltbundlepy_module pip} +BuildRequires: %{saltbundlepy_module setuptools >= 45} +BuildRequires: %{saltbundlepy_module setuptools-scm >= 6.2} +BuildRequires: %{saltbundlepy_module wheel} +BuildRequires: %{saltbundlepy_module base >= 3.11} BuildRequires: %{saltbundlepy_module docker-pycreds >= 0.4.0} BuildRequires: %{saltbundlepy_module paramiko >= 2.4.2} BuildRequires: %{saltbundlepy_module pytest} BuildRequires: %{saltbundlepy_module requests >= 2.20.0} -BuildRequires: %{saltbundlepy_module setuptools} -BuildRequires: %{saltbundlepy_module six >= 1.10.0} BuildRequires: %{saltbundlepy_module websocket-client >= 0.40.0} BuildRequires: fdupes BuildRequires: saltbundlepy-rpm-macros Requires: saltbundlepy-docker-pycreds >= 0.4.0 Requires: saltbundlepy-paramiko >= 2.4.2 Requires: saltbundlepy-requests >= 2.20.0 -Requires: saltbundlepy-six >= 1.10.0 Requires: saltbundlepy-websocket-client >= 0.40.0 BuildArch: noarch %python_subpackages %description -A docker API client in Python +A Python library for the Docker Engine API. %prep -%setup -q -n docker-py-%{version} +%autosetup -p1 -n docker-%{version} %build -%python_build +%pyproject_wheel %install -%python_install +%pyproject_install %python_expand %fdupes %{buildroot}%{$python_sitelib} %check @@ -70,11 +69,9 @@ A docker API client in Python %endif %files %{python_files} -%license LICENSE %doc README.md -%dir %{python_sitelib}/docker -%dir %{python_sitelib}/docker-%{version}-*.egg-info -%{python_sitelib}/docker/* -%{python_sitelib}/docker*egg-info/* +%license LICENSE +%{python_sitelib}/docker +%{python_sitelib}/docker-%{version}.dist-info %changelog