From 5e976f8380c5df6e212c5efaf162cd670f9da60c94ba7cc1b3f5063cc21d92b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Fri, 20 Sep 2019 12:34:26 +0000 Subject: [PATCH] - Update to 1.25.5: * Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which caused certificate verification to be enabled when using cert_reqs=CERT_NONE. (Issue #1682) * Propagate Retry-After header settings to subsequent retries. (Pull #1607) * Fix edge case where Retry-After header was still respected even when explicitly opted out of. (Pull #1607) * Remove dependency on rfc3986 for URL parsing. * Fix issue where URLs containing invalid characters within Url.auth would raise an exception instead of percent-encoding those characters. * Add support for HTTPResponse.auto_close = False which makes HTTP responses work well with BufferedReaders and other io module features. (Pull #1652) * Percent-encode invalid characters in URL for HTTPConnectionPool.request() (Pull #1673) - Drop patch urllib3-ssl-default-context.patch - Drop patch python-urllib3-recent-date.patch the date is recent enough on its own OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-urllib3?expand=0&rev=84 --- python-urllib3-recent-date.patch | 26 ------------------ python-urllib3.changes | 15 +++++++++++ python-urllib3.spec | 44 +++++++++++-------------------- urllib3-1.25.3.tar.gz | 3 --- urllib3-1.25.5.tar.gz | 3 +++ urllib3-ssl-default-context.patch | 13 --------- 6 files changed, 33 insertions(+), 71 deletions(-) delete mode 100644 python-urllib3-recent-date.patch delete mode 100644 urllib3-1.25.3.tar.gz create mode 100644 urllib3-1.25.5.tar.gz delete mode 100644 urllib3-ssl-default-context.patch diff --git a/python-urllib3-recent-date.patch b/python-urllib3-recent-date.patch deleted file mode 100644 index 198b0d8..0000000 --- a/python-urllib3-recent-date.patch +++ /dev/null @@ -1,26 +0,0 @@ -From fc27a8ed4203084c97fd1260d2566255c35ca945 Mon Sep 17 00:00:00 2001 -From: Dominique Leuenberger -Date: Sun, 31 Dec 2017 15:11:16 +0100 -Subject: [PATCH] Move RECENT_DATE to 2017-06-30 - -The test suite expects the current date to be no more than two years in the future -of RECENT_DATE, which just serves as a reference point. - -Also clarify the comment about how to update RECENT_DATE - -Fixes #1303 ---- - src/urllib3/connection.py | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - ---- a/src/urllib3/connection.py -+++ b/src/urllib3/connection.py -@@ -59,7 +59,7 @@ port_by_scheme = { - # and not less than 6 months ago. - # Example: if Today is 2018-01-01, then RECENT_DATE should be any date on or - # after 2016-01-01 (today - 2 years) AND before 2017-07-01 (today - 6 months) --RECENT_DATE = datetime.date(2017, 6, 30) -+RECENT_DATE = datetime.date(2018, 1, 30) - - - class DummyConnection(object): diff --git a/python-urllib3.changes b/python-urllib3.changes index 602d121..985eb02 100644 --- a/python-urllib3.changes +++ b/python-urllib3.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Fri Sep 20 12:14:13 UTC 2019 - Tomáš Chvátal + +- Update to 1.25.5: + * Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which caused certificate verification to be enabled when using cert_reqs=CERT_NONE. (Issue #1682) + * Propagate Retry-After header settings to subsequent retries. (Pull #1607) + * Fix edge case where Retry-After header was still respected even when explicitly opted out of. (Pull #1607) + * Remove dependency on rfc3986 for URL parsing. + * Fix issue where URLs containing invalid characters within Url.auth would raise an exception instead of percent-encoding those characters. + * Add support for HTTPResponse.auto_close = False which makes HTTP responses work well with BufferedReaders and other io module features. (Pull #1652) + * Percent-encode invalid characters in URL for HTTPConnectionPool.request() (Pull #1673) +- Drop patch urllib3-ssl-default-context.patch +- Drop patch python-urllib3-recent-date.patch the date is recent + enough on its own + ------------------------------------------------------------------- Sat Sep 14 02:58:42 UTC 2019 - John Vandenberg diff --git a/python-urllib3.spec b/python-urllib3.spec index afa79c8..d445a03 100644 --- a/python-urllib3.spec +++ b/python-urllib3.spec @@ -28,7 +28,7 @@ %endif %bcond_without python2 Name: python-urllib3%{psuffix} -Version: 1.25.3 +Version: 1.25.5 Release: 0 Summary: HTTP library with thread-safe connection pooling, file post, and more License: MIT @@ -37,24 +37,16 @@ URL: https://urllib3.readthedocs.org/ Source: https://files.pythonhosted.org/packages/source/u/urllib3/urllib3-%{version}.tar.gz # Wrapper for ssl to unbundle ssl_match_hostname Source1: ssl_match_hostname_py3.py -# PATCH-FEATURE-UPSTREAM -- use set_default_verify_paths() if no certificate path is supplied -# should be removed in the future, see SR#437853 -Patch0: urllib3-ssl-default-context.patch -# PATCH-FIX-UPSTREAM python-urllib3-recent-date.patch gh#shazow/urllib3#1303, boo#1074247 dimstar@opensuse.org -- Fix test suite, use correct date -Patch1: python-urllib3-recent-date.patch -BuildRequires: %{python_module PySocks} -BuildRequires: %{python_module psutil} -BuildRequires: %{python_module rfc3986} BuildRequires: %{python_module setuptools} BuildRequires: %{python_module six} BuildRequires: fdupes BuildRequires: python-rpm-macros #!BuildIgnore: python-requests Requires: ca-certificates-mozilla -Requires: python-cryptography -Requires: python-idna +Requires: python-certifi +Requires: python-cryptography >= 1.3.4 +Requires: python-idna >= 2.0.0 Requires: python-pyOpenSSL -Requires: python-rfc3986 Requires: python-six BuildArch: noarch # for SSL module on older distros @@ -69,15 +61,21 @@ BuildRequires: python-ipaddress Requires: python-backports.ssl_match_hostname %endif %if %{with test} -BuildRequires: %{python_module brotlipy} -BuildRequires: %{python_module idna} +BuildRequires: %{python_module PySocks} +BuildRequires: %{python_module brotlipy >= 0.6.0} +BuildRequires: %{python_module certifi} +BuildRequires: %{python_module cryptography >= 1.3.4} +BuildRequires: %{python_module idna >= 2.0.0} BuildRequires: %{python_module mock >= 1.3.0} -BuildRequires: %{python_module pytest < 4.0} +BuildRequires: %{python_module psutil} +BuildRequires: %{python_module pytest} +BuildRequires: %{python_module six} BuildRequires: %{python_module tornado >= 4.2.1} BuildRequires: %{python_module urllib3 >= %{version}} %endif %if 0%{?suse_version} >= 1000 || 0%{?fedora_version} >= 24 -Recommends: python-brotlipy +Recommends: python-PySocks >= 1.5.6 +Recommends: python-brotlipy >= 0.6.0 %endif %ifpython2 Requires: python-ipaddress @@ -104,7 +102,6 @@ Highlights %prep %setup -q -n urllib3-%{version} -%autopatch -p1 find . -type f -exec chmod a-x '{}' \; find . -name __pycache__ -type d -exec rm -fr {} + @@ -130,7 +127,6 @@ $python -O -m compileall -d %{$python_sitelib} %{buildroot}%{$python_sitelib}/ur # Unbundle the Python 2 build rm -rf %{buildroot}/%{python2_sitelib}/urllib3/packages/six.py* rm -rf %{buildroot}/%{python2_sitelib}/urllib3/packages/ssl_match_hostname/ -rm -rf %{buildroot}/%{python2_sitelib}/urllib3/packages/rfc3986/ mkdir -p %{buildroot}/%{python2_sitelib}/urllib3/packages/ ln -s %{python2_sitelib}/six.py %{buildroot}/%{python2_sitelib}/urllib3/packages/six.py @@ -138,8 +134,6 @@ ln -s %{python2_sitelib}/six.pyc %{buildroot}/%{python2_sitelib}/urllib3/package ln -s %{python2_sitelib}/six.pyo %{buildroot}/%{python2_sitelib}/urllib3/packages/six.pyo ln -s %{python2_sitelib}/backports/ssl_match_hostname \ %{buildroot}/%{python2_sitelib}/urllib3/packages/ssl_match_hostname -ln -s %{python2_sitelib}/rfc3986/ \ - %{buildroot}/%{python2_sitelib}/urllib3/packages/rfc3986 %endif %if 0%{?have_python3} && ! 0%{?skip_python3} @@ -147,7 +141,6 @@ ln -s %{python2_sitelib}/rfc3986/ \ rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/six.py* rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/six* rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/ssl_match_hostname/ -rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/rfc3986/ mkdir -p %{buildroot}/%{python3_sitelib}/urllib3/packages/ cp -a %{SOURCE1} %{buildroot}/%{python3_sitelib}/urllib3/packages/ssl_match_hostname.py @@ -156,8 +149,6 @@ ln -s %{python3_sitelib}/__pycache__/six.cpython-%{python3_version_nodots}.opt-1 %{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/ ln -s %{python3_sitelib}/__pycache__/six.cpython-%{python3_version_nodots}.pyc \ %{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/ -ln -s %{python3_sitelib}/rfc3986/ \ - %{buildroot}/%{python3_sitelib}/urllib3/packages/rfc3986 %endif %python_expand %fdupes %{buildroot}%{$python_sitelib} @@ -182,17 +173,12 @@ case $(uname -m) in ppc*) skiplist="$skiplist and not test_select_timing and not test_select_multiple_interrupts_with_event and not test_interrupt_wait_for_read_with_event and not test_select_interrupt_with_event";; esac -# the tls13 tests are not run in upstream travis and they fail for us -# lets wait for upstream to sort it out first -skiplist="$skiplist and not test_set_ssl_version_to_tls_version" # the certificate validation is much stricter in new openssl so skip # tests which would not validate it skiplist="$skiplist and not test_client_no_intermediate" -# we have patch to fix source address errors in python and raise different -# error than urllib3 expects in its tests -skiplist="$skiplist and not test_source_address_error" export PYTHONDONTWRITEBYTECODE=1 +export LANG="en_US.UTF8" %pytest -k "${skiplist}" %endif diff --git a/urllib3-1.25.3.tar.gz b/urllib3-1.25.3.tar.gz deleted file mode 100644 index 57066aa..0000000 --- a/urllib3-1.25.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:dbe59173209418ae49d485b87d1681aefa36252ee85884c31346debd19463232 -size 262150 diff --git a/urllib3-1.25.5.tar.gz b/urllib3-1.25.5.tar.gz new file mode 100644 index 0000000..694ff5e --- /dev/null +++ b/urllib3-1.25.5.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2f3eadfea5d92bc7899e75b5968410b749a054b492d5a6379c1344a1481bc2cb +size 248169 diff --git a/urllib3-ssl-default-context.patch b/urllib3-ssl-default-context.patch deleted file mode 100644 index df0cb50..0000000 --- a/urllib3-ssl-default-context.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: urllib3-1.25/src/urllib3/util/ssl_.py -=================================================================== ---- urllib3-1.25.orig/src/urllib3/util/ssl_.py -+++ urllib3-1.25/src/urllib3/util/ssl_.py -@@ -333,6 +333,8 @@ def ssl_wrap_socket(sock, keyfile=None, - elif ssl_context is None and hasattr(context, 'load_default_certs'): - # try to load OS default certs; works well on Windows (require Python3.4+) - context.load_default_certs() -+ elif cert_reqs != ssl.CERT_NONE and hasattr(context, 'set_default_verify_paths'): -+ context.set_default_verify_paths() - - # Attempt to detect if we get the goofy behavior of the - # keyfile being encrypted and OpenSSL asking for the