Sync from SUSE:ALP:Source:Standard:1.0 saltbundlepy-urllib3 revision cadb12ccb5fa1cc55fcc1ccd8e742bee
parent
44345f84cb
commit
12a81548d5
154
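--- a/CVE-2024-37891.patch
+++ b/CVE-2024-37891.patch
@@ -0,0 +1,154 @@
+From accff72ecc2f6cf5a76d9570198a93ac7c90270e Mon Sep 17 00:00:00 2001
+From: Quentin Pradet <quentin.pradet@gmail.com>
+Date: Mon, 17 Jun 2024 11:09:06 +0400
+Subject: [PATCH] Merge pull request from GHSA-34jh-p97f-mpxf
+
+* Strip Proxy-Authorization header on redirects
+
+* Fix test_retry_default_remove_headers_on_redirect
+
+* Set release date
+---
+CHANGES.rst | 5 +++++
+src/urllib3/util/retry.py | 4 +++-
+test/test_retry.py | 6 ++++-
+test/with_dummyserver/test_poolmanager.py | 27 ++++++++++++++++++++---
+4 files changed, 37 insertions(+), 5 deletions(-)
+
+
+diff --git a/src/urllib3/util/retry.py b/src/urllib3/util/retry.py
+index 7a76a4a6ad..0456cceba4 100644
+--- a/src/urllib3/util/retry.py
++++ b/src/urllib3/util/retry.py
+@@ -189,7 +189,9 @@ class Retry:
+RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
+
+#: Default headers to be used for ``remove_headers_on_redirect``
+- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
++ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(
++ ["Cookie", "Authorization", "Proxy-Authorization"]
++ )
+
+#: Default maximum backoff time.
+DEFAULT_BACKOFF_MAX = 120
+diff --git a/test/test_retry.py b/test/test_retry.py
+index f71e7acc9e..ac3ce4ca73 100644
+--- a/test/test_retry.py
++++ b/test/test_retry.py
+@@ -334,7 +334,11 @@ def test_retry_method_not_allowed(self) -> None:
+def test_retry_default_remove_headers_on_redirect(self) -> None:
+retry = Retry()
+
+- assert retry.remove_headers_on_redirect == {"authorization", "cookie"}
++ assert retry.remove_headers_on_redirect == {
++ "authorization",
++ "proxy-authorization",
++ "cookie",
++ }
+
+def test_retry_set_remove_headers_on_redirect(self) -> None:
+retry = Retry(remove_headers_on_redirect=["X-API-Secret"])
+diff --git a/test/with_dummyserver/test_poolmanager.py b/test/with_dummyserver/test_poolmanager.py
+index 4fa9ec850a..af77241d6c 100644
+--- a/test/with_dummyserver/test_poolmanager.py
++++ b/test/with_dummyserver/test_poolmanager.py
+@@ -144,7 +144,11 @@ def test_redirect_cross_host_remove_headers(self) -> None:
+"GET",
+f"{self.base_url}/redirect",
+fields={"target": f"{self.base_url_alt}/headers"},
+- headers={"Authorization": "foo", "Cookie": "foo=bar"},
++ headers={
++ "Authorization": "foo",
++ "Proxy-Authorization": "bar",
++ "Cookie": "foo=bar",
++ },
+)
+
+assert r.status == 200
+@@ -152,13 +156,18 @@ def test_redirect_cross_host_remove_headers(self) -> None:
+data = r.json()
+
+assert "Authorization" not in data
++ assert "Proxy-Authorization" not in data
+assert "Cookie" not in data
+
+r = http.request(
+"GET",
+f"{self.base_url}/redirect",
+fields={"target": f"{self.base_url_alt}/headers"},
+- headers={"authorization": "foo", "cookie": "foo=bar"},
++ headers={
++ "authorization": "foo",
++ "proxy-authorization": "baz",
++ "cookie": "foo=bar",
++ },
+)
+
+assert r.status == 200
+@@ -167,6 +176,8 @@ def test_redirect_cross_host_remove_headers(self) -> None:
+
+assert "authorization" not in data
+assert "Authorization" not in data
++ assert "proxy-authorization" not in data
++ assert "Proxy-Authorization" not in data
+assert "cookie" not in data
+assert "Cookie" not in data
+
+@@ -176,7 +187,11 @@ def test_redirect_cross_host_no_remove_headers(self) -> None:
+"GET",
+f"{self.base_url}/redirect",
+fields={"target": f"{self.base_url_alt}/headers"},
+- headers={"Authorization": "foo", "Cookie": "foo=bar"},
++ headers={
++ "Authorization": "foo",
++ "Proxy-Authorization": "bar",
++ "Cookie": "foo=bar",
++ },
+retries=Retry(remove_headers_on_redirect=[]),
+)
+
+@@ -185,6 +200,7 @@ def test_redirect_cross_host_no_remove_headers(self) -> None:
+data = r.json()
+
+assert data["Authorization"] == "foo"
++ assert data["Proxy-Authorization"] == "bar"
+assert data["Cookie"] == "foo=bar"
+
+def test_redirect_cross_host_set_removed_headers(self) -> None:
+@@ -196,6 +212,7 @@ def test_redirect_cross_host_set_removed_headers(self) -> None:
+headers={
+"X-API-Secret": "foo",
+"Authorization": "bar",
++ "Proxy-Authorization": "baz",
+"Cookie": "foo=bar",
+},
+retries=Retry(remove_headers_on_redirect=["X-API-Secret"]),
+@@ -207,11 +224,13 @@ def test_redirect_cross_host_set_removed_headers(self) -> None:
+
+assert "X-API-Secret" not in data
+assert data["Authorization"] == "bar"
++ assert data["Proxy-Authorization"] == "baz"
+assert data["Cookie"] == "foo=bar"
+
+headers = {
+"x-api-secret": "foo",
+"authorization": "bar",
++ "proxy-authorization": "baz",
+"cookie": "foo=bar",
+}
+r = http.request(
+@@ -229,12 +248,14 @@ def test_redirect_cross_host_set_removed_headers(self) -> None:
+assert "x-api-secret" not in data
+assert "X-API-Secret" not in data
+assert data["Authorization"] == "bar"
++ assert data["Proxy-Authorization"] == "baz"
+assert data["Cookie"] == "foo=bar"
+
+# Ensure the header argument itself is not modified in-place.
+assert headers == {
+"x-api-secret": "foo",
+"authorization": "bar",
++ "proxy-authorization": "baz",
+"cookie": "foo=bar",
+}
+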
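Review bot: The fix lives only in `Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT`, so it covers callers that leave `remove_headers_on_redirect` at its default and nobody else. The patched tests show this directly: with `Retry(remove_headers_on_redirect=["X-API-Secret"])` and with `Retry(remove_headers_on_redirect=[])` the redirect target still receives the proxy credential (`assert data["Proxy-Authorization"] == "baz"`). Any code in the bundle that passes its own list therefore has to name `"Proxy-Authorization"` itself, and is worth searching for when this patch ships. I would extend the doc comment on the constant to say so, for example ``#: Callers passing their own ``remove_headers_on_redirect`` replace this set entirely.`` Separately, the patch preamble still lists `CHANGES.rst | 5 +++++` and "4 files changed", but no CHANGES.rst hunk is present in the file, so the diffstat no longer matches the body.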
30
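--- a/no-strict-OpenSSL-1.1.1.patch
+++ b/no-strict-OpenSSL-1.1.1.patch
@@ -0,0 +1,30 @@
+--- a/src/urllib3/__init__.py
++++ b/src/urllib3/__init__.py
+@@ -22,27 +22,10 @@
+from .util.retry import Retry
+from .util.timeout import Timeout
+
+-# Ensure that Python is compiled with OpenSSL 1.1.1+
+-# If the 'ssl' module isn't available at all that's
+-# fine, we only care if the module is available.
+try:
+import ssl
+except ImportError:
+pass
+-else:
+- if not ssl.OPENSSL_VERSION.startswith("OpenSSL "): # Defensive:
+- warnings.warn(
+- "urllib3 v2.0 only supports OpenSSL 1.1.1+, currently "
+- f"the 'ssl' module is compiled with {ssl.OPENSSL_VERSION!r}. "
+- "See: https://github.com/urllib3/urllib3/issues/3020",
+- exceptions.NotOpenSSLWarning,
+- )
+- elif ssl.OPENSSL_VERSION_INFO < (1, 1, 1): # Defensive:
+- raise ImportError(
+- "urllib3 v2.0 only supports OpenSSL 1.1.1+, currently "
+- f"the 'ssl' module is compiled with {ssl.OPENSSL_VERSION!r}. "
+- "See: https://github.com/urllib3/urllib3/issues/2168"
+- )
+
+# === NOTE TO REPACKAGERS AND VENDORS ===
+# Please delete this block, this logic is only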
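Review bot: Deleting the whole `else:` branch removes both the `NotOpenSSLWarning` for non-OpenSSL builds and the `ImportError` for OpenSSL older than 1.1.1, so after this patch urllib3 imports silently on a TLS library its own message says it does not support. If the goal is only to stop the import from failing, the signal can be kept by leaving the branch in place and changing `raise ImportError(` to `warnings.warn(`, so operators still see which `ssl.OPENSSL_VERSION` the bundle is running against. The patch file also carries no description header; a short preamble naming the affected distributions and the OpenSSL version they ship would tell the next reviewer when this patch can be dropped. The file being patched continues outside the hunk, so whether `warnings` and `exceptions` stay in use afterwards cannot be checked from here.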
@ -1,34 +0,0 @@
|
|||||||
Index: urllib3-1.26.18/changelog/3268.bugfix.rst
|
|
||||||
===================================================================
|
|
||||||
--- /dev/null
|
|
||||||
+++ urllib3-1.26.18/changelog/3268.bugfix.rst
|
|
||||||
@@ -0,0 +1 @@
|
|
||||||
+Fixed handling of OpenSSL 3.2.0 new error message for misconfiguring an HTTP proxy as HTTPS.
|
|
||||||
Index: urllib3-1.26.18/test/with_dummyserver/test_socketlevel.py
|
|
||||||
===================================================================
|
|
||||||
--- urllib3-1.26.18.orig/test/with_dummyserver/test_socketlevel.py
|
|
||||||
+++ urllib3-1.26.18/test/with_dummyserver/test_socketlevel.py
|
|
||||||
@@ -1226,7 +1226,8 @@ class TestSSL(SocketDummyServerTestCase)
|
|
||||||
self._start_server(socket_handler)
|
|
||||||
with HTTPSConnectionPool(self.host, self.port, ca_certs=DEFAULT_CA) as pool:
|
|
||||||
with pytest.raises(
|
|
||||||
- SSLError, match=r"(wrong version number|record overflow)"
|
|
||||||
+ SSLError,
|
|
||||||
+ match=r"(wrong version number|record overflow|record layer failure)",
|
|
||||||
):
|
|
||||||
pool.request("GET", "/", retries=False)
|
|
||||||
|
|
||||||
Index: urllib3-1.26.18/src/urllib3/connectionpool.py
|
|
||||||
===================================================================
|
|
||||||
--- urllib3-1.26.18.orig/src/urllib3/connectionpool.py
|
|
||||||
+++ urllib3-1.26.18/src/urllib3/connectionpool.py
|
|
||||||
@@ -768,7 +768,8 @@ class HTTPConnectionPool(ConnectionPool,
|
|
||||||
# so we try to cover our bases here!
|
|
||||||
message = " ".join(re.split("[^a-z]", str(ssl_error).lower()))
|
|
||||||
return (
|
|
||||||
- "wrong version number" in message or "unknown protocol" in message
|
|
||||||
+ "wrong version number" in message or "unknown protocol" in message or "record layer failure" in message
|
|
||||||
+
|
|
||||||
)
|
|
||||||
|
|
||||||
# Try to detect a common user error with proxies which is to
|
|
@ -1,261 +0,0 @@
|
|||||||
Index: urllib3-1.26.16/docs/conf.py
|
|
||||||
===================================================================
|
|
||||||
--- urllib3-1.26.16.orig/docs/conf.py
|
|
||||||
+++ urllib3-1.26.16/docs/conf.py
|
|
||||||
@@ -14,7 +14,10 @@ sys.path.insert(0, root_path)
|
|
||||||
# Mock some expensive/platform-specific modules so build will work.
|
|
||||||
# (https://read-the-docs.readthedocs.io/en/latest/faq.html#\
|
|
||||||
# i-get-import-errors-on-libraries-that-depend-on-c-modules)
|
|
||||||
-import mock
|
|
||||||
+try:
|
|
||||||
+ import unittest.mock as mock
|
|
||||||
+except ImportError:
|
|
||||||
+ import mock
|
|
||||||
|
|
||||||
|
|
||||||
class MockModule(mock.Mock):
|
|
||||||
Index: urllib3-1.26.16/test/contrib/test_pyopenssl.py
|
|
||||||
===================================================================
|
|
||||||
--- urllib3-1.26.16.orig/test/contrib/test_pyopenssl.py
|
|
||||||
+++ urllib3-1.26.16/test/contrib/test_pyopenssl.py
|
|
||||||
@@ -1,7 +1,10 @@
|
|
||||||
# -*- coding: utf-8 -*-
|
|
||||||
import os
|
|
||||||
|
|
||||||
-import mock
|
|
||||||
+try:
|
|
||||||
+ import unittest.mock as mock
|
|
||||||
+except ImportError:
|
|
||||||
+ import mock
|
|
||||||
import pytest
|
|
||||||
|
|
||||||
try:
|
|
||||||
Index: urllib3-1.26.16/test/contrib/test_pyopenssl_dependencies.py
|
|
||||||
===================================================================
|
|
||||||
--- urllib3-1.26.16.orig/test/contrib/test_pyopenssl_dependencies.py
|
|
||||||
+++ urllib3-1.26.16/test/contrib/test_pyopenssl_dependencies.py
|
|
||||||
@@ -1,6 +1,9 @@
|
|
||||||
# -*- coding: utf-8 -*-
|
|
||||||
import pytest
|
|
||||||
-from mock import Mock, patch
|
|
||||||
+try:
|
|
||||||
+ from unittest.mock import Mock, patch
|
|
||||||
+except ImportError:
|
|
||||||
+ from mock import Mock, patch
|
|
||||||
|
|
||||||
try:
|
|
||||||
from urllib3.contrib.pyopenssl import extract_from_urllib3, inject_into_urllib3
|
|
||||||
Index: urllib3-1.26.16/test/test_connection.py
|
|
||||||
===================================================================
|
|
||||||
--- urllib3-1.26.16.orig/test/test_connection.py
|
|
||||||
+++ urllib3-1.26.16/test/test_connection.py
|
|
||||||
@@ -1,6 +1,9 @@
|
|
||||||
import datetime
|
|
||||||
|
|
||||||
-import mock
|
|
||||||
+try:
|
|
||||||
+ import unittest.mock as mock
|
|
||||||
+except ImportError:
|
|
||||||
+ import mock
|
|
||||||
import pytest
|
|
||||||
|
|
||||||
from urllib3.connection import RECENT_DATE, CertificateError, _match_hostname
|
|
||||||
Index: urllib3-1.26.16/test/test_connectionpool.py
|
|
||||||
===================================================================
|
|
||||||
--- urllib3-1.26.16.orig/test/test_connectionpool.py
|
|
||||||
+++ urllib3-1.26.16/test/test_connectionpool.py
|
|
||||||
@@ -6,7 +6,10 @@ from ssl import SSLError as BaseSSLError
|
|
||||||
from test import SHORT_TIMEOUT
|
|
||||||
|
|
||||||
import pytest
|
|
||||||
-from mock import Mock
|
|
||||||
+try:
|
|
||||||
+ from unittest.mock import Mock
|
|
||||||
+except ImportError:
|
|
||||||
+ from mock import Mock
|
|
||||||
|
|
||||||
from dummyserver.server import DEFAULT_CA
|
|
||||||
from urllib3._collections import HTTPHeaderDict
|
|
||||||
Index: urllib3-1.26.16/test/test_queue_monkeypatch.py
|
|
||||||
===================================================================
|
|
||||||
--- urllib3-1.26.16.orig/test/test_queue_monkeypatch.py
|
|
||||||
+++ urllib3-1.26.16/test/test_queue_monkeypatch.py
|
|
||||||
@@ -1,6 +1,9 @@
|
|
||||||
from __future__ import absolute_import
|
|
||||||
|
|
||||||
-import mock
|
|
||||||
+try:
|
|
||||||
+ import unittest.mock as mock
|
|
||||||
+except ImportError:
|
|
||||||
+ import mock
|
|
||||||
import pytest
|
|
||||||
|
|
||||||
from urllib3 import HTTPConnectionPool
|
|
||||||
Index: urllib3-1.26.16/test/test_response.py
|
|
||||||
===================================================================
|
|
||||||
--- urllib3-1.26.16.orig/test/test_response.py
|
|
||||||
+++ urllib3-1.26.16/test/test_response.py
|
|
||||||
@@ -9,7 +9,10 @@ from base64 import b64decode
|
|
||||||
from io import BufferedReader, BytesIO, TextIOWrapper
|
|
||||||
from test import onlyBrotlipy
|
|
||||||
|
|
||||||
-import mock
|
|
||||||
+try:
|
|
||||||
+ import unittest.mock as mock
|
|
||||||
+except ImportError:
|
|
||||||
+ import mock
|
|
||||||
import pytest
|
|
||||||
import six
|
|
||||||
|
|
||||||
Index: urllib3-1.26.16/test/test_retry.py
|
|
||||||
===================================================================
|
|
||||||
--- urllib3-1.26.16.orig/test/test_retry.py
|
|
||||||
+++ urllib3-1.26.16/test/test_retry.py
|
|
||||||
@@ -1,6 +1,9 @@
|
|
||||||
import warnings
|
|
||||||
|
|
||||||
-import mock
|
|
||||||
+try:
|
|
||||||
+ import unittest.mock as mock
|
|
||||||
+except ImportError:
|
|
||||||
+ import mock
|
|
||||||
import pytest
|
|
||||||
|
|
||||||
from urllib3.exceptions import (
|
|
||||||
Index: urllib3-1.26.16/test/test_retry_deprecated.py
|
|
||||||
===================================================================
|
|
||||||
--- urllib3-1.26.16.orig/test/test_retry_deprecated.py
|
|
||||||
+++ urllib3-1.26.16/test/test_retry_deprecated.py
|
|
||||||
@@ -1,7 +1,10 @@
|
|
||||||
# This is a copy-paste of test_retry.py with extra asserts about deprecated options. It will be removed for v2.
|
|
||||||
import warnings
|
|
||||||
|
|
||||||
-import mock
|
|
||||||
+try:
|
|
||||||
+ import unittest.mock as mock
|
|
||||||
+except ImportError:
|
|
||||||
+ import mock
|
|
||||||
import pytest
|
|
||||||
|
|
||||||
from urllib3.exceptions import (
|
|
||||||
Index: urllib3-1.26.16/test/test_ssl.py
|
|
||||||
===================================================================
|
|
||||||
--- urllib3-1.26.16.orig/test/test_ssl.py
|
|
||||||
+++ urllib3-1.26.16/test/test_ssl.py
|
|
||||||
@@ -1,6 +1,9 @@
|
|
||||||
from test import notPyPy2
|
|
||||||
|
|
||||||
-import mock
|
|
||||||
+try:
|
|
||||||
+ import unittest.mock as mock
|
|
||||||
+except ImportError:
|
|
||||||
+ import mock
|
|
||||||
import pytest
|
|
||||||
|
|
||||||
from urllib3.exceptions import SNIMissingWarning
|
|
||||||
Index: urllib3-1.26.16/test/test_ssltransport.py
|
|
||||||
===================================================================
|
|
||||||
--- urllib3-1.26.16.orig/test/test_ssltransport.py
|
|
||||||
+++ urllib3-1.26.16/test/test_ssltransport.py
|
|
||||||
@@ -4,7 +4,10 @@ import socket
|
|
||||||
import ssl
|
|
||||||
import sys
|
|
||||||
|
|
||||||
-import mock
|
|
||||||
+try:
|
|
||||||
+ import unittest.mock as mock
|
|
||||||
+except ImportError:
|
|
||||||
+ import mock
|
|
||||||
import pytest
|
|
||||||
|
|
||||||
from dummyserver.server import DEFAULT_CA, DEFAULT_CERTS
|
|
||||||
Index: urllib3-1.26.16/test/test_util.py
|
|
||||||
===================================================================
|
|
||||||
--- urllib3-1.26.16.orig/test/test_util.py
|
|
||||||
+++ urllib3-1.26.16/test/test_util.py
|
|
||||||
@@ -9,7 +9,10 @@ from itertools import chain
|
|
||||||
from test import notBrotlipy, onlyBrotlipy, onlyPy2, onlyPy3
|
|
||||||
|
|
||||||
import pytest
|
|
||||||
-from mock import Mock, patch
|
|
||||||
+try:
|
|
||||||
+ from unittest.mock import Mock, patch
|
|
||||||
+except ImportError:
|
|
||||||
+ from mock import Mock, patch
|
|
||||||
|
|
||||||
from urllib3 import add_stderr_logger, disable_warnings, util
|
|
||||||
from urllib3.exceptions import (
|
|
||||||
Index: urllib3-1.26.16/test/with_dummyserver/test_connectionpool.py
|
|
||||||
===================================================================
|
|
||||||
--- urllib3-1.26.16.orig/test/with_dummyserver/test_connectionpool.py
|
|
||||||
+++ urllib3-1.26.16/test/with_dummyserver/test_connectionpool.py
|
|
||||||
@@ -12,7 +12,10 @@ import warnings
|
|
||||||
from test import LONG_TIMEOUT, SHORT_TIMEOUT, onlyPy2
|
|
||||||
from threading import Event
|
|
||||||
|
|
||||||
-import mock
|
|
||||||
+try:
|
|
||||||
+ import unittest.mock as mock
|
|
||||||
+except ImportError:
|
|
||||||
+ import mock
|
|
||||||
import pytest
|
|
||||||
import six
|
|
||||||
|
|
||||||
Index: urllib3-1.26.16/test/with_dummyserver/test_https.py
|
|
||||||
===================================================================
|
|
||||||
--- urllib3-1.26.16.orig/test/with_dummyserver/test_https.py
|
|
||||||
+++ urllib3-1.26.16/test/with_dummyserver/test_https.py
|
|
||||||
@@ -18,7 +18,10 @@ from test import (
|
|
||||||
resolvesLocalhostFQDN,
|
|
||||||
)
|
|
||||||
|
|
||||||
-import mock
|
|
||||||
+try:
|
|
||||||
+ import unittest.mock as mock
|
|
||||||
+except ImportError:
|
|
||||||
+ import mock
|
|
||||||
import pytest
|
|
||||||
import trustme
|
|
||||||
|
|
||||||
Index: urllib3-1.26.16/test/with_dummyserver/test_socketlevel.py
|
|
||||||
===================================================================
|
|
||||||
--- urllib3-1.26.16.orig/test/with_dummyserver/test_socketlevel.py
|
|
||||||
+++ urllib3-1.26.16/test/with_dummyserver/test_socketlevel.py
|
|
||||||
@@ -54,7 +54,10 @@ from test import (
|
|
||||||
)
|
|
||||||
from threading import Event
|
|
||||||
|
|
||||||
-import mock
|
|
||||||
+try:
|
|
||||||
+ import unittest.mock as mock
|
|
||||||
+except ImportError:
|
|
||||||
+ import mock
|
|
||||||
import pytest
|
|
||||||
import trustme
|
|
||||||
|
|
||||||
Index: urllib3-1.26.16/test/test_poolmanager.py
|
|
||||||
===================================================================
|
|
||||||
--- urllib3-1.26.16.orig/test/test_poolmanager.py
|
|
||||||
+++ urllib3-1.26.16/test/test_poolmanager.py
|
|
||||||
@@ -3,7 +3,11 @@ import socket
|
|
||||||
from test import resolvesLocalhostFQDN
|
|
||||||
|
|
||||||
import pytest
|
|
||||||
-from mock import patch
|
|
||||||
+
|
|
||||||
+try:
|
|
||||||
+ import unittest.mock as mock
|
|
||||||
+except ImportError:
|
|
||||||
+ import mock
|
|
||||||
|
|
||||||
from urllib3 import connection_from_url
|
|
||||||
from urllib3.exceptions import LocationValueError
|
|
||||||
@@ -361,7 +365,7 @@ class TestPoolManager(object):
|
|
||||||
"http://[a::b%25zone]",
|
|
||||||
],
|
|
||||||
)
|
|
||||||
- @patch("urllib3.util.connection.create_connection")
|
|
||||||
+ @mock.patch("urllib3.util.connection.create_connection")
|
|
||||||
def test_e2e_connect_to_ipv6_scoped(self, create_connection, url):
|
|
||||||
"""Checks that IPv6 scoped addresses are properly handled end-to-end.
|
|
||||||
|
|
@ -1,3 +1,105 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Aug 23 08:31:44 UTC 2024 - Victor Zhestkov <vzhestkov@suse.com>
|
||||||
|
|
||||||
|
- Add CVE-2024-37891.patch (bsc#1226469, bsc#1229654)
|
||||||
|
|
||||||
|
- Remove strict OpenSSL 1.1.1 version checking
|
||||||
|
|
||||||
|
- Update to 2.0.7 (bsc#1216377, CVE-2023-45803):
|
||||||
|
* Made body stripped from HTTP requests changing the request method
|
||||||
|
to GET after HTTP 303 "See Other" redirect responses.
|
||||||
|
|
||||||
|
- Update Buildrequires to upstream list.
|
||||||
|
|
||||||
|
- Update to 2.0.6 (bsc#1215968, CVE-2023-43804):
|
||||||
|
* Added the Cookie header to the list of headers to strip from
|
||||||
|
requests when redirecting to a different host. As before, different
|
||||||
|
headers can be set via Retry.remove_headers_on_redirect
|
||||||
|
|
||||||
|
- Update to 2.0.5:
|
||||||
|
* Allowed pyOpenSSL third-party module without any deprecation
|
||||||
|
warning. #3126
|
||||||
|
* Fixed default blocksize of HTTPConnection classes to match
|
||||||
|
high-level classes. Previously was 8KiB, now 16KiB. #3066
|
||||||
|
|
||||||
|
- Update to 2.0.4:
|
||||||
|
* Added support for union operators to ``HTTPHeaderDict``
|
||||||
|
* Added ``BaseHTTPResponse`` to ``urllib3.__all__`` (`#3078
|
||||||
|
* Fixed ``urllib3.connection.HTTPConnection`` to raise the
|
||||||
|
``http.client.connect`` audit event to have the same behavior
|
||||||
|
as the standard library HTTP client
|
||||||
|
* Relied on the standard library for checking hostnames in
|
||||||
|
supported PyPy releases
|
||||||
|
|
||||||
|
- Disable test_deprecated_no_scheme so it needs network connection to
|
||||||
|
run correctly.
|
||||||
|
|
||||||
|
- Update to 2.0.3:
|
||||||
|
* Allowed alternative SSL libraries such as LibreSSL, while
|
||||||
|
still issuing a warning as we cannot help users facing issues
|
||||||
|
with implementations other than OpenSSL.
|
||||||
|
* Deprecated URLs which don't have an explicit scheme
|
||||||
|
* Fixed response decoding with Zstandard when compressed data
|
||||||
|
is made of several frames.
|
||||||
|
* Fixed ``assert_hostname=False`` to correctly skip hostname
|
||||||
|
check.
|
||||||
|
|
||||||
|
- Update to 2.0.2:
|
||||||
|
* Fixed ``HTTPResponse.stream()`` to continue yielding bytes if
|
||||||
|
buffered decompressed data was still available to be read
|
||||||
|
even if the underlying socket is closed. This prevents
|
||||||
|
a compressed response from being truncated.
|
||||||
|
|
||||||
|
- Update to 2.0.1:
|
||||||
|
* Fixed a socket leak when fingerprint or hostname verifications fail.
|
||||||
|
* Fixed an error when HTTPResponse.read(0) was the first read call or when
|
||||||
|
the internal response body buffer was otherwise empty.
|
||||||
|
* Removed support for Python 2.7, 3.5, and 3.6.
|
||||||
|
* Removed fallback on certificate commonName in match_hostname() function.
|
||||||
|
* Removed support for Python with an ssl module compiled with LibreSSL,
|
||||||
|
CiscoSSL, wolfSSL, and all other OpenSSL alternatives.
|
||||||
|
* Removed support for OpenSSL versions earlier than 1.1.1.
|
||||||
|
* Removed urllib3.contrib.appengine.AppEngineManager and support for Google
|
||||||
|
App Engine Standard Environment.
|
||||||
|
* Changed ssl_version to instead set the corresponding
|
||||||
|
SSLContext.minimum_version and SSLContext.maximum_version values.
|
||||||
|
* Changed default SSLContext.minimum_version to be TLSVersion.TLSv1_2
|
||||||
|
in line with Python 3.10.
|
||||||
|
* Changed urllib3.util.create_urllib3_context to not override the system
|
||||||
|
cipher suites with a default value.
|
||||||
|
* Changed multipart/form-data header parameter formatting matches the
|
||||||
|
WHATWG HTML Standard as of 2021-06-10.
|
||||||
|
* Changed HTTPConnection.request() to always use lowercase chunk boundaries
|
||||||
|
when sending requests with Transfer-Encoding: chunked.
|
||||||
|
* Changed enforce_content_length default to True, preventing silent data
|
||||||
|
loss when reading streamed responses.
|
||||||
|
* Changed all parameters in the HTTPConnection and HTTPSConnection
|
||||||
|
constructors to be keyword-only except host and port.
|
||||||
|
* Changed HTTPConnection.getresponse() to set the socket timeout from
|
||||||
|
HTTPConnection.timeout value before reading data from the socket.
|
||||||
|
* Changed name of Retry.BACK0FF_MAX to be Retry.DEFAULT_BACKOFF_MAX.
|
||||||
|
* Changed TLS handshakes to use SSLContext.check_hostname when possible.
|
||||||
|
* Changed the default blocksize to 16KB to match OpenSSL's default read
|
||||||
|
amounts.
|
||||||
|
* Changed HTTPResponse.read() to raise an error when calling with
|
||||||
|
decode_content=False after using decode_content=True to prevent data loss.
|
||||||
|
* Fixed thread-safety issue where accessing a PoolManager with many
|
||||||
|
distinct origins would cause connection pools to be closed while
|
||||||
|
requests are in progress.
|
||||||
|
* Fixed the default value of HTTPSConnection.socket_options to match
|
||||||
|
HTTPConnection.
|
||||||
|
* Fixed a socket leak if HTTPConnection.connect() fails.
|
||||||
|
- Drop patch remove_mock.patch, included upstream.
|
||||||
|
- Fiddle with {Build,}Requires as appropiate, six finally dropped.
|
||||||
|
|
||||||
|
- Added:
|
||||||
|
* CVE-2024-37891.patch
|
||||||
|
* no-strict-OpenSSL-1.1.1.patch
|
||||||
|
|
||||||
|
- Removed:
|
||||||
|
* openssl-3.2.patch
|
||||||
|
* remove_mock.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Mar 4 11:11:14 UTC 2024 - Victor Zhestkov <vzhestkov@suse.com>
|
Mon Mar 4 11:11:14 UTC 2024 - Victor Zhestkov <vzhestkov@suse.com>
|
||||||
|
|
||||||
|
@ -19,10 +19,6 @@
|
|||||||
%{?!saltbundlepy_module:%define saltbundlepy_module() saltbundlepy-%{**}}
|
%{?!saltbundlepy_module:%define saltbundlepy_module() saltbundlepy-%{**}}
|
||||||
%define pythons saltbundlepy
|
%define pythons saltbundlepy
|
||||||
|
|
||||||
# Disable python bytecompile for all distros
|
|
||||||
# It's called explicitly in the spec
|
|
||||||
%global __brp_python_bytecompile %{nil}
|
|
||||||
|
|
||||||
%global flavor @BUILD_FLAVOR@%{nil}
|
%global flavor @BUILD_FLAVOR@%{nil}
|
||||||
%if "%{flavor}" == "test"
|
%if "%{flavor}" == "test"
|
||||||
%define psuffix -test
|
%define psuffix -test
|
||||||
@ -33,21 +29,21 @@
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
Name: saltbundlepy-urllib3%{psuffix}
|
Name: saltbundlepy-urllib3%{psuffix}
|
||||||
Version: 1.26.18
|
Version: 2.0.7
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: HTTP library with thread-safe connection pooling, file post, and more
|
Summary: HTTP library with thread-safe connection pooling, file post, and more
|
||||||
License: MIT
|
License: MIT
|
||||||
Group: Development/Languages/Python
|
Group: Development/Languages/Python
|
||||||
URL: https://urllib3.readthedocs.org/
|
URL: https://urllib3.readthedocs.org/
|
||||||
Source: https://files.pythonhosted.org/packages/source/u/urllib3/urllib3-%{version}.tar.gz
|
Source: https://files.pythonhosted.org/packages/source/u/urllib3/urllib3-%{version}.tar.gz
|
||||||
# PATCH-FIX-UPSTREAM remove_mock.patch gh#urllib3/urllib3#2108 mcepl@suse.com
|
# PATCH-FIX-UPSTREAM https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e Strip Proxy-Authorization header on redirects
|
||||||
# remove dependency on the external module mock
|
Patch1: CVE-2024-37891.patch
|
||||||
Patch0: remove_mock.patch
|
# Avoid stict dependency on OpenSSL 1.1.1
|
||||||
# PATCH-FIX-UPSTREAM openssl-3.2.patch gh#urllib3/urllib3#3271
|
Patch2: no-strict-OpenSSL-1.1.1.patch
|
||||||
Patch1: openssl-3.2.patch
|
BuildRequires: saltbundlepy >= 3.11
|
||||||
BuildRequires: %{saltbundlepy_module base >= 3.10}
|
BuildRequires: %{saltbundlepy_module base >= 3.11}
|
||||||
BuildRequires: %{saltbundlepy_module setuptools}
|
BuildRequires: %{saltbundlepy_module hatchling}
|
||||||
BuildRequires: %{saltbundlepy_module six}
|
BuildRequires: %{saltbundlepy_module pip}
|
||||||
BuildRequires: fdupes
|
BuildRequires: fdupes
|
||||||
BuildRequires: saltbundlepy-rpm-macros
|
BuildRequires: saltbundlepy-rpm-macros
|
||||||
#!BuildIgnore: python-requests
|
#!BuildIgnore: python-requests
|
||||||
@ -95,32 +91,18 @@ Highlights
|
|||||||
|
|
||||||
find . -type f -exec chmod a-x '{}' \;
|
find . -type f -exec chmod a-x '{}' \;
|
||||||
find . -name __pycache__ -type d -exec rm -fr {} +
|
find . -name __pycache__ -type d -exec rm -fr {} +
|
||||||
|
find . -type f -name '*.orig' -delete
|
||||||
# Drop the dummyserver tests, they fail in OBS
|
|
||||||
rm test/with_dummyserver/test_proxy_poolmanager.py
|
|
||||||
rm test/with_dummyserver/test_poolmanager.py
|
|
||||||
# Don't run the Google App Engine tests
|
|
||||||
rm -r test/appengine/
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%python_build
|
%pyproject_wheel
|
||||||
|
|
||||||
%install
|
%install
|
||||||
%if !%{with test}
|
%if !%{with test}
|
||||||
%python_install
|
%pyproject_install
|
||||||
|
|
||||||
%{python_expand # Unbundle six
|
find %{buildroot} -type f -name '*.pyc' -exec touch {} \;
|
||||||
rm %{buildroot}/%{$python_sitelib}/urllib3/packages/six.py
|
|
||||||
rm %{buildroot}/%{$python_sitelib}/urllib3/packages/__pycache__/six*.pyc
|
|
||||||
|
|
||||||
ln -s %{$python_sitelib}/six.py %{buildroot}/%{$python_sitelib}/urllib3/packages/six.py
|
%python_expand %fdupes %{buildroot}%{$python_sitelib}
|
||||||
ln -sf %{$python_sitelib}/__pycache__/six.cpython-%{$python_version_nodots}.opt-1.pyc \
|
|
||||||
%{buildroot}/%{$python_sitelib}/urllib3/packages/__pycache__/
|
|
||||||
ln -sf %{$python_sitelib}/__pycache__/six.cpython-%{$python_version_nodots}.pyc \
|
|
||||||
%{buildroot}/%{$python_sitelib}/urllib3/packages/__pycache__/
|
|
||||||
|
|
||||||
%fdupes %{buildroot}%{$python_sitelib}
|
|
||||||
}
|
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{with test}
|
%if %{with test}
|
||||||
@ -135,13 +117,17 @@ skiplist="test_ssl_read_timeout or test_ssl_failed_fingerprint_verification or t
|
|||||||
skiplist+=" or test_recent_date"
|
skiplist+=" or test_recent_date"
|
||||||
# too slow to run in obs (checks 2GiB of data)
|
# too slow to run in obs (checks 2GiB of data)
|
||||||
skiplist+=" or test_requesting_large_resources_via_ssl"
|
skiplist+=" or test_requesting_large_resources_via_ssl"
|
||||||
%pytest -k "not (${skiplist})"
|
# Try to access external evil.com
|
||||||
|
skiplist+=" or test_deprecated_no_scheme"
|
||||||
|
# DeprecationWarning('ssl.TLSVersion.TLSv1 is deprecated') is filtered upstream in pyproject.toml, but it somehow got through
|
||||||
|
skiplist+=" or TestHTTPS_TLSv1"
|
||||||
|
%pytest -k "not (${skiplist})" --ignore test/with_dummyserver/test_socketlevel.py
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if ! %{with test}
|
%if ! %{with test}
|
||||||
%files %{python_files}
|
%files %{python_files}
|
||||||
%license LICENSE.txt
|
%license LICENSE.txt
|
||||||
%doc CHANGES.rst README.rst
|
%doc CHANGES.rst README.md
|
||||||
%{python_sitelib}/urllib3
|
%{python_sitelib}/urllib3
|
||||||
%{python_sitelib}/urllib3-%{version}*-info
|
%{python_sitelib}/urllib3-%{version}*-info
|
||||||
%endif
|
%endif
|
||||||
|
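Review bot: The new `%pytest` call appears to add `--ignore test/with_dummyserver/test_socketlevel.py` with no comment giving the reason, whereas each neighbouring `skiplist+=` entry carries one. On this page the 1.26.18 version of that module contains `class TestSSL`, so ignoring the file wholesale likely drops TLS and proxy-error coverage from the build check of a package that has just taken a security patch. I would put a comment above the call, e.g. `# test_socketlevel.py ignored: <reason it cannot run in OBS>`, or narrow it to `skiplist` entries for the tests that actually fail. The comment introducing Patch2 also reads `Avoid stict dependency`, which should be `strict`, and unlike Patch1 it names no upstream issue or bug reference.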
BIN
urllib3-1.26.18.tar.gz
(Stored with Git LFS)
BIN
urllib3-1.26.18.tar.gz
(Stored with Git LFS)
Binary file not shown.
BIN
urllib3-2.0.7.tar.gz
(Stored with Git LFS)
Normal file
BIN
urllib3-2.0.7.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.