Accepting request 708287 from devel:languages:python
- Skip test_source_address_error as we raise different error with fixes that we provide in new python2/3 - Add more test to skip as with new openssl some behaviour changed and we can't rely on them anymore - Unbundle the six, rfc3986, and backports.ssl_match_hostname - Update to 1.25.3: * Change HTTPSConnection to load system CA certificates when ca_certs, ca_cert_dir, and ssl_context are unspecified. (Pull #1608, Issue #1603) * Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605) - Update to 1.25.2: * Change is_ipaddress to not detect IPvFuture addresses. (Pull #1583) * Change parse_url to percent-encode invalid characters within the path, query, and target components. (Pull #1586) * Add support for Google's Brotli package. (Pull #1572, Pull #1579) * Upgrade bundled rfc3986 to v1.3.1 (Pull #1578) - Require all the deps from the secure list rather than Recommend. This makes the check to be run always and ensure the urls are "secure". - Remove ndg-httpsclient as it is not needed since 2015 - Add missing dependency on brotlipy - Fix the tests to pass again - update to 1.25 (bsc#1132663, CVE-2019-11236): * Require and validate certificates by default when using HTTPS * Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant. * Added support for ``key_password`` for ``HTTPSConnectionPool`` to use encrypted ``key_file`` without creating your own ``SSLContext`` object. OBS-URL: https://build.opensuse.org/request/show/708287 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3?expand=0&rev=27
This commit is contained in:
commit
b2ede91d4c
@ -1,3 +1,67 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 7 11:40:05 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||||
|
||||
- Skip test_source_address_error as we raise different error with
|
||||
fixes that we provide in new python2/3
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 29 08:59:29 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||||
|
||||
- Add more test to skip as with new openssl some behaviour changed
|
||||
and we can't rely on them anymore
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 29 08:20:27 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||||
|
||||
- Unbundle the six, rfc3986, and backports.ssl_match_hostname
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri May 24 19:16:21 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||||
|
||||
- Update to 1.25.3:
|
||||
* Change HTTPSConnection to load system CA certificates when ca_certs, ca_cert_dir, and ssl_context are unspecified. (Pull #1608, Issue #1603)
|
||||
* Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon May 6 11:18:36 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||||
|
||||
- Update to 1.25.2:
|
||||
* Change is_ipaddress to not detect IPvFuture addresses. (Pull #1583)
|
||||
* Change parse_url to percent-encode invalid characters within the path, query, and target components. (Pull #1586)
|
||||
* Add support for Google's Brotli package. (Pull #1572, Pull #1579)
|
||||
* Upgrade bundled rfc3986 to v1.3.1 (Pull #1578)
|
||||
- Require all the deps from the secure list rather than Recommend.
|
||||
This makes the check to be run always and ensure the urls are
|
||||
"secure".
|
||||
- Remove ndg-httpsclient as it is not needed since 2015
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 23 10:27:36 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||||
|
||||
- Add missing dependency on brotlipy
|
||||
- Fix the tests to pass again
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 23 04:04:50 UTC 2019 - Thomas Bechtold <tbechtold@suse.com>
|
||||
|
||||
- update to 1.25 (bsc#1132663, CVE-2019-11236):
|
||||
* Require and validate certificates by default when using HTTPS
|
||||
* Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant.
|
||||
* Added support for ``key_password`` for ``HTTPSConnectionPool`` to use
|
||||
encrypted ``key_file`` without creating your own ``SSLContext`` object.
|
||||
* Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext``
|
||||
implementations. (Pull #1496)
|
||||
* Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft.
|
||||
* Fixed issue where OpenSSL would block if an encrypted client private key was
|
||||
given and no password was given. Instead an ``SSLError`` is raised.
|
||||
* Added support for Brotli content encoding. It is enabled automatically if
|
||||
``brotlipy`` package is installed which can be requested with
|
||||
``urllib3[brotli]`` extra.
|
||||
* Drop ciphers using DSS key exchange from default TLS cipher suites.
|
||||
Improve default ciphers when using SecureTransport.
|
||||
* Implemented a more efficient ``HTTPResponse.__iter__()`` method.
|
||||
- Drop urllib3-test-ssl-drop-sslv3.patch . No longer needed
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 18 00:02:07 CEST 2019 - Matej Cepl <mcepl@suse.com>
|
||||
|
||||
|
@ -18,55 +18,62 @@
|
||||
|
||||
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
|
||||
%define oldpython python
|
||||
|
||||
%global flavor @BUILD_FLAVOR@%{nil}
|
||||
%if "%{flavor}" == "test"
|
||||
%define test 1
|
||||
%define psuffix -test
|
||||
%bcond_without test
|
||||
%else
|
||||
%define psuffix %{nil}
|
||||
%bcond_with test
|
||||
%endif
|
||||
%if %{with test}
|
||||
Name: python-urllib3-%{flavor}
|
||||
%else
|
||||
Name: python-urllib3
|
||||
%endif
|
||||
Version: 1.24.2
|
||||
Name: python-urllib3%{psuffix}
|
||||
Version: 1.25.3
|
||||
Release: 0
|
||||
Summary: HTTP library with thread-safe connection pooling, file post, and more
|
||||
License: MIT
|
||||
Group: Development/Languages/Python
|
||||
URL: http://urllib3.readthedocs.org/
|
||||
Source: https://files.pythonhosted.org/packages/source/u/urllib3/urllib3-%{version}.tar.gz
|
||||
# Wrapper for ssl to unbundle ssl_match_hostname
|
||||
Source1: ssl_match_hostname_py3.py
|
||||
# PATCH-FEATURE-UPSTREAM -- use set_default_verify_paths() if no certificate path is supplied
|
||||
# should be removed in the future, see SR#437853
|
||||
Patch2: urllib3-ssl-default-context.patch
|
||||
# PATCH-FIX-OPENSUSE -- do not use unsupported SSLv3 in tests
|
||||
Patch3: urllib3-test-ssl-drop-sslv3.patch
|
||||
Patch0: urllib3-ssl-default-context.patch
|
||||
# PATCH-FIX-UPSTREAM python-urllib3-recent-date.patch gh#shazow/urllib3#1303, boo#1074247 dimstar@opensuse.org -- Fix test suite, use correct date
|
||||
Patch4: python-urllib3-recent-date.patch
|
||||
Patch1: python-urllib3-recent-date.patch
|
||||
# for SSL module on older distros
|
||||
BuildRequires: %{oldpython}
|
||||
BuildRequires: %{python_module PySocks}
|
||||
BuildRequires: %{python_module psutil}
|
||||
BuildRequires: %{python_module rfc3986}
|
||||
BuildRequires: %{python_module setuptools}
|
||||
BuildRequires: %{python_module six}
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: python-backports.ssl_match_hostname
|
||||
BuildRequires: python-rpm-macros
|
||||
BuildRequires: python2-ipaddress
|
||||
#!BuildIgnore: python-requests
|
||||
Requires: ca-certificates-mozilla
|
||||
Requires: python-cryptography
|
||||
Requires: python-idna
|
||||
Requires: python-pyOpenSSL
|
||||
Requires: python-rfc3986
|
||||
Requires: python-six
|
||||
BuildArch: noarch
|
||||
%ifpython2
|
||||
Requires: python-backports.ssl_match_hostname
|
||||
%endif
|
||||
%if %{with test}
|
||||
BuildRequires: %{python_module brotlipy}
|
||||
BuildRequires: %{python_module idna}
|
||||
BuildRequires: %{python_module mock >= 1.3.0}
|
||||
BuildRequires: %{python_module pytest}
|
||||
BuildRequires: %{python_module tornado >= 4.2.1}
|
||||
BuildRequires: %{python_module urllib3 >= %{version}}
|
||||
%endif
|
||||
#!BuildIgnore: python-requests
|
||||
BuildArch: noarch
|
||||
%if 0%{?suse_version} >= 1000 || 0%{?fedora_version} >= 24
|
||||
Recommends: ca-certificates-mozilla
|
||||
Recommends: python-cryptography
|
||||
Recommends: python-idna
|
||||
Recommends: python-ndg-httpsclient
|
||||
Recommends: python-pyOpenSSL
|
||||
Recommends: python-brotlipy
|
||||
%endif
|
||||
# for SSL module on older distros
|
||||
BuildRequires: %{oldpython}
|
||||
BuildRequires: python2-ipaddress
|
||||
%ifpython2
|
||||
Requires: python-ipaddress
|
||||
%endif
|
||||
@ -90,46 +97,85 @@ Highlights
|
||||
|
||||
%prep
|
||||
%setup -q -n urllib3-%{version}
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%autopatch -p1
|
||||
find . -type f -exec chmod a-x '{}' \;
|
||||
find . -name __pycache__ -type d -exec rm -fr {} +
|
||||
|
||||
# Drop the dummyserver tests, they fail in OBS
|
||||
rm test/with_dummyserver/test_proxy_poolmanager.py
|
||||
rm test/with_dummyserver/test_poolmanager.py
|
||||
# Don't run the Google App Engine tests
|
||||
rm -r test/appengine/
|
||||
|
||||
%build
|
||||
%python_build
|
||||
|
||||
%install
|
||||
%if !%{with test}
|
||||
%python_install
|
||||
|
||||
%{python_expand \
|
||||
$python -m compileall -d %{$python_sitelib} %{buildroot}%{$python_sitelib}/urllib3/
|
||||
$python -O -m compileall -d %{$python_sitelib} %{buildroot}%{$python_sitelib}/urllib3/
|
||||
%fdupes %{buildroot}%{$python_sitelib}
|
||||
}
|
||||
|
||||
# Unbundle the Python 2 build
|
||||
rm -rf %{buildroot}/%{python2_sitelib}/urllib3/packages/six.py*
|
||||
rm -rf %{buildroot}/%{python2_sitelib}/urllib3/packages/ssl_match_hostname/
|
||||
rm -rf %{buildroot}/%{python2_sitelib}/urllib3/packages/rfc3986/
|
||||
|
||||
mkdir -p %{buildroot}/%{python2_sitelib}/urllib3/packages/
|
||||
ln -s %{python2_sitelib}/six.py %{buildroot}/%{python2_sitelib}/urllib3/packages/six.py
|
||||
ln -s %{python2_sitelib}/six.pyc %{buildroot}/%{python2_sitelib}/urllib3/packages/six.pyc
|
||||
ln -s %{python2_sitelib}/six.pyo %{buildroot}/%{python2_sitelib}/urllib3/packages/six.pyo
|
||||
ln -s %{python2_sitelib}/backports/ssl_match_hostname \
|
||||
%{buildroot}/%{python2_sitelib}/urllib3/packages/ssl_match_hostname
|
||||
ln -s %{python2_sitelib}/rfc3986/ \
|
||||
%{buildroot}/%{python2_sitelib}/urllib3/packages/rfc3986
|
||||
# Unbundle the Python 3 build
|
||||
rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/six.py*
|
||||
rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/six*
|
||||
rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/ssl_match_hostname/
|
||||
rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/rfc3986/
|
||||
|
||||
mkdir -p %{buildroot}/%{python3_sitelib}/urllib3/packages/
|
||||
cp -a %{SOURCE1} %{buildroot}/%{python3_sitelib}/urllib3/packages/ssl_match_hostname.py
|
||||
ln -s %{python3_sitelib}/six.py %{buildroot}/%{python3_sitelib}/urllib3/packages/six.py
|
||||
ln -s %{python3_sitelib}/__pycache__/six.cpython-%{python3_version_nodots}.opt-1.pyc \
|
||||
%{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/
|
||||
ln -s %{python3_sitelib}/__pycache__/six.cpython-%{python3_version_nodots}.pyc \
|
||||
%{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/
|
||||
ln -s %{python3_sitelib}/rfc3986/ \
|
||||
%{buildroot}/%{python3_sitelib}/urllib3/packages/rfc3986
|
||||
|
||||
%python_expand %fdupes %{buildroot}%{$python_sitelib}
|
||||
%endif
|
||||
|
||||
%check
|
||||
%if %{with test}
|
||||
skiplist='not test_select_interrupt_exception and not test_selector_error and not timeout and not test_request_host_header_ignores_fqdn_dot and not test_dotted_fqdn'
|
||||
skiplist='not test_select_interrupt_exception and not test_selector_error and not timeout and not test_request_host_header_ignores_fqdn_dot and not test_dotted_fqdn and not TestImportWithoutSSL'
|
||||
case $(uname -m) in
|
||||
ppc*)
|
||||
skiplist="$skiplist and not test_select_timing and not test_select_multiple_interrupts_with_event and not test_interrupt_wait_for_read_with_event and not test_select_interrupt_with_event";;
|
||||
esac
|
||||
# the tls13 tests are not run in upstream travis and they fail for us
|
||||
# lets wait for upstream to sort it out first
|
||||
skiplist="$skiplist and not test_set_ssl_version_to_tls_version"
|
||||
# the certificate validation is much stricter in new openssl so skip
|
||||
# tests which would not validate it
|
||||
skiplist="$skiplist and not test_client_no_intermediate"
|
||||
# we have patch to fix source address errors in python and raise different
|
||||
# error than urllib3 expects in its tests
|
||||
skiplist="$skiplist and not test_source_address_error"
|
||||
|
||||
rm -rf build
|
||||
# pretend to be TRAVIS (this triggers timing tolerance)
|
||||
export TRAVIS=1
|
||||
%{python_expand PYTHONPATH="%{buildroot}%{$python_sitelib}" py.test-%$python_bin_suffix \
|
||||
--ignore=test/appengine \
|
||||
--ignore=test/with_dummyserver/test_proxy_poolmanager.py \
|
||||
--ignore=test/with_dummyserver/test_poolmanager.py \
|
||||
-k "${skiplist}" \
|
||||
src/urllib3 test}
|
||||
rm -rf %{buildroot}%{_libexecdir}/python*
|
||||
export PYTHONDONTWRITEBYTECODE=1
|
||||
%pytest -k "${skiplist}"
|
||||
%endif
|
||||
|
||||
%if ! %{with test}
|
||||
%files %{python_files}
|
||||
%license LICENSE.txt
|
||||
%doc CHANGES.rst CONTRIBUTORS.txt README.rst
|
||||
%if ! %{with test}
|
||||
%{python_sitelib}/urllib3
|
||||
%{python_sitelib}/urllib3-%{version}-py*.egg-info
|
||||
%endif
|
||||
|
1
ssl_match_hostname_py3.py
Normal file
1
ssl_match_hostname_py3.py
Normal file
@ -0,0 +1 @@
|
||||
from ssl import match_hostname, CertificateError
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:9a247273df709c4fedb38c711e44292304f73f39ab01beda9f6b9fc375669ac3
|
||||
size 230699
|
3
urllib3-1.25.3.tar.gz
Normal file
3
urllib3-1.25.3.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:dbe59173209418ae49d485b87d1681aefa36252ee85884c31346debd19463232
|
||||
size 262150
|
@ -1,5 +1,7 @@
|
||||
--- a/src/urllib3/util/ssl_.py
|
||||
+++ b/src/urllib3/util/ssl_.py
|
||||
Index: urllib3-1.25/src/urllib3/util/ssl_.py
|
||||
===================================================================
|
||||
--- urllib3-1.25.orig/src/urllib3/util/ssl_.py
|
||||
+++ urllib3-1.25/src/urllib3/util/ssl_.py
|
||||
@@ -333,6 +333,8 @@ def ssl_wrap_socket(sock, keyfile=None,
|
||||
elif ssl_context is None and hasattr(context, 'load_default_certs'):
|
||||
# try to load OS default certs; works well on Windows (require Python3.4+)
|
||||
@ -7,5 +9,5 @@
|
||||
+ elif cert_reqs != ssl.CERT_NONE and hasattr(context, 'set_default_verify_paths'):
|
||||
+ context.set_default_verify_paths()
|
||||
|
||||
if certfile:
|
||||
context.load_cert_chain(certfile, keyfile)
|
||||
# Attempt to detect if we get the goofy behavior of the
|
||||
# keyfile being encrypted and OpenSSL asking for the
|
||||
|
@ -1,11 +0,0 @@
|
||||
--- a/test/with_dummyserver/test_https.py
|
||||
+++ b/test/with_dummyserver/test_https.py
|
||||
@@ -557,7 +557,7 @@ class TestHTTPS(HTTPSDummyServerTestCase
|
||||
|
||||
class TestHTTPS_TLSv1(HTTPSDummyServerTestCase):
|
||||
certs = DEFAULT_CERTS.copy()
|
||||
- certs['ssl_version'] = ssl.PROTOCOL_TLSv1
|
||||
+ certs['ssl_version'] = ssl.PROTOCOL_TLSv1_2
|
||||
|
||||
def setUp(self):
|
||||
self._pool = HTTPSConnectionPool(self.host, self.port)
|
Loading…
Reference in New Issue
Block a user