SLFO-pool/python-requests
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: SLFO-pool:main
Branches Tags
SLFO-pool:main SLFO-pool:1.1
...
pull from: SLFO-pool:1.1
Branches Tags
SLFO-pool:1.1 SLFO-pool:main

2 Commits
main ... 1.1

Author SHA256 Message Date
Adrian Schröter
01c1e95c08 Sync from SUSE:SLFO:1.1 python-requests revision fc06f9bbd8a0b510b6e47aba6c6508a9 2025-07-24 13:27:36 +02:00
Adrian Schröter
bf1b546e9b Sync from SUSE:SLFO:1.1 python-requests revision 3c1e84ada941affac10d998f218926ed 2024-12-19 14:45:19 +01:00
5 changed files with 143 additions and 7 deletions
Expand all files Collapse all files

25
python-requests.changes
View File

@@ -1,3 +1,28 @@
-------------------------------------------------------------------
Mon Jul 14 09:20:12 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
- Add revert-caching-default-sslcontext.patch upstream patch to avoid
problems with certificate caching in sslcontext.
bsc#1246104, gh#psf/requests#6767
-------------------------------------------------------------------
Tue Jun 10 09:42:31 UTC 2025 - Dirk Müller <dmueller@suse.com>
- update to 2.32.4:
* CVE-2024-47081 Fixed an issue where a maliciously crafted URL
and trusted environment will retrieve credentials for the wrong
hostname/machine from a netrc file
* Numerous documentation improvements
* Added support for pypy 3.11 for Linux and macOS.
* Dropped support for pypy 3.9 following its end of support.
- drop CVE-2024-47081.patch (merged upstream)
-------------------------------------------------------------------
Thu Jun 5 07:22:39 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
- Add CVE-2024-47081.patch upstream patch, fixes netrc credential leak
(gh#psf/requests#6965, CVE-2024-47081, bsc#1244039)
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Oct 24 07:48:08 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com> Thu Oct 24 07:48:08 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>

6
python-requests.spec
View File

@@ -1,7 +1,7 @@
# #
# spec file for package python-requests # spec file for package python-requests
# #
# Copyright (c) 2024 SUSE LLC # Copyright (c) 2025 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@@ -26,7 +26,7 @@
%endif %endif
%{?sle15_python_module_pythons} %{?sle15_python_module_pythons}
Name: python-requests%{psuffix} Name: python-requests%{psuffix}
Version: 2.32.3 Version: 2.32.4
Release: 0 Release: 0
Summary: Python HTTP Library Summary: Python HTTP Library
License: Apache-2.0 License: Apache-2.0
@@ -34,6 +34,8 @@ URL: https://docs.python-requests.org/
Source: https://files.pythonhosted.org/packages/source/r/requests/requests-%{version}.tar.gz Source: https://files.pythonhosted.org/packages/source/r/requests/requests-%{version}.tar.gz
# PATCH-FIX-UPSTREAM gh#psf/requests#6731 # PATCH-FIX-UPSTREAM gh#psf/requests#6731
Patch0: inject-default-ca-bundles.patch Patch0: inject-default-ca-bundles.patch
# PATCH-FIX-UPSTREAM revert-caching-default-sslcontext.patch gh#psf/requests#6767
Patch1: revert-caching-default-sslcontext.patch
BuildRequires: %{python_module base >= 3.7} BuildRequires: %{python_module base >= 3.7}
BuildRequires: %{python_module pip} BuildRequires: %{python_module pip}
BuildRequires: %{python_module setuptools} BuildRequires: %{python_module setuptools}

BIN
requests-2.32.3.tar.gz (Stored with Git LFS)
View File

Binary file not shown.

BIN
requests-2.32.4.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

109
revert-caching-default-sslcontext.patch Normal file
View File

@@ -0,0 +1,109 @@
From d520f46f94d0e637d440c6c0d55aa49240e2d46a Mon Sep 17 00:00:00 2001
From: Nate Prewitt <nate.prewitt@gmail.com>
Date: Thu, 18 Jul 2024 09:51:10 -0700
Subject: [PATCH] Revert caching a default SSLContext
---
src/requests/adapters.py | 55 ++++++++++++----------------------------
1 file changed, 16 insertions(+), 39 deletions(-)
Index: requests-2.32.4/src/requests/adapters.py
===================================================================
--- requests-2.32.4.orig/src/requests/adapters.py
+++ requests-2.32.4/src/requests/adapters.py
@@ -27,7 +27,6 @@ from urllib3.poolmanager import PoolMana
from urllib3.util import Timeout as TimeoutSauce
from urllib3.util import parse_url
from urllib3.util.retry import Retry
-from urllib3.util.ssl_ import create_urllib3_context
from .auth import _basic_auth_str
from .compat import basestring, urlparse
@@ -74,36 +73,6 @@ DEFAULT_RETRIES = 0
DEFAULT_POOL_TIMEOUT = None
-try:
- import ssl # noqa: F401
-
- _preloaded_ssl_context = create_urllib3_context()
- _preloaded_ssl_context.load_verify_locations(
- extract_zipped_paths(DEFAULT_CA_BUNDLE_PATH)
- )
-except ImportError:
- # Bypass default SSLContext creation when Python
- # interpreter isn't built with the ssl module.
- _preloaded_ssl_context = None
-
-
-def _should_use_default_context(
- verify: "bool | str | None",
- client_cert: "typing.Tuple[str, str] | str | None",
- poolmanager_kwargs: typing.Dict[str, typing.Any],
-) -> bool:
- # Determine if we have and should use our default SSLContext
- # to optimize performance on standard requests.
- has_poolmanager_ssl_context = poolmanager_kwargs.get("ssl_context")
- should_use_default_ssl_context = (
- verify is True
- and _preloaded_ssl_context is not None
- and not has_poolmanager_ssl_context
- and client_cert is None
- )
- return should_use_default_ssl_context
-
-
def _urllib3_request_context(
request: "PreparedRequest",
verify: "bool | str | None",
@@ -121,8 +90,6 @@ def _urllib3_request_context(
cert_loc = None
if verify is False:
cert_reqs = "CERT_NONE"
- elif _should_use_default_context(verify, client_cert, poolmanager_kwargs):
- pool_kwargs["ssl_context"] = _preloaded_ssl_context
elif verify is True:
# Set default ca cert location if none provided
cert_loc = extract_zipped_paths(DEFAULT_CA_BUNDLE_PATH)
@@ -332,24 +299,27 @@ class HTTPAdapter(BaseAdapter):
:param cert: The SSL certificate to verify.
"""
if url.lower().startswith("https") and verify:
- conn.cert_reqs = "CERT_REQUIRED"
+ cert_loc = None
- # Only load the CA certificates if `verify` is a
- # string indicating the CA bundle to use.
+ # Allow self-specified cert location.
if verify is not True:
- # `verify` must be a str with a path then
cert_loc = verify
- if not os.path.exists(cert_loc):
- raise OSError(
- f"Could not find a suitable TLS CA certificate bundle, "
- f"invalid path: {cert_loc}"
- )
-
- if not os.path.isdir(cert_loc):
- conn.ca_certs = cert_loc
- else:
- conn.ca_cert_dir = cert_loc
+ if not cert_loc:
+ cert_loc = extract_zipped_paths(DEFAULT_CA_BUNDLE_PATH)
+
+ if not cert_loc or not os.path.exists(cert_loc):
+ raise OSError(
+ f"Could not find a suitable TLS CA certificate bundle, "
+ f"invalid path: {cert_loc}"
+ )
+
+ conn.cert_reqs = "CERT_REQUIRED"
+
+ if not os.path.isdir(cert_loc):
+ conn.ca_certs = cert_loc
+ else:
+ conn.ca_cert_dir = cert_loc
else:
conn.cert_reqs = "CERT_NONE"
conn.ca_certs = None