From de8c3896ee21a13c3a41d8878ccace6fb2d24a02bfe7af548088121714653d1b Mon Sep 17 00:00:00 2001
From: Matej Cepl
Date: Thu, 26 Aug 2021 21:32:53 +0000
Subject: [PATCH] Accepting request 914418 from home:fusionfuture:branches:devel:languages:python:Factory
- Renamed patch for assigned CVE: * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch -> CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch (boo#1189241, CVE-2021-3737)
OBS-URL: https://build.opensuse.org/request/show/914418
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python?expand=0&rev=299
---
 ...-infinite-line-reading-after-a-HTTP-100-Continue.patch | 2 +-
 python-base.changes | 8 ++++++++
 python-base.spec | 4 ++--
 python-doc.changes | 8 ++++++++
 python-doc.spec | 4 ++--
 python.changes | 8 ++++++++
 python.spec | 4 ++--
 7 files changed, 31 insertions(+), 7 deletions(-)
 rename bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch => CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch (88%)
diff --git a/bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch b/CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
similarity index 88%
rename from bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
rename to CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
index 7e5aeef..a1df08f 100644
--- a/bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+++ b/CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
@@ -12,7 +12,7 @@
 break
 if self.debuglevel > 0:
 print "header:", skip
-+ # bpo-44022: Fix http client infinite line reading (DoS) after a http 100
++ # CVE-2021-3737: Fix infinitely reading potential HTTP headers on a 100 Continue status response from the server
 + header_count += 1
 + if header_count > _MAXHEADERS:
 + raise HTTPException("got more than %d headers" % _MAXHEADERS)
diff --git a/python-base.changes b/python-base.changes
index a5bfe82..ddbb4d4 100644
--- a/python-base.changes
+++ b/python-base.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Aug 26 15:35:10 UTC 2021 - Fusion Future
+
+- Renamed patch for assigned CVE:
+ * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
+ CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+ (boo#1189241, CVE-2021-3737)
+
 -------------------------------------------------------------------
 Mon Aug 23 11:16:24 UTC 2021 - Fusion Future
diff --git a/python-base.spec b/python-base.spec
index 8e29319..9d9ffe0 100644
--- a/python-base.spec
+++ b/python-base.spec
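Review bot: The reworded comment above `header_count += 1` drops the upstream issue id, so once the embedded patch is applied to the library source the `_MAXHEADERS` guard no longer points back to bpo-44022. Keeping both identifiers, for example `# CVE-2021-3737 (bpo-44022): cap header lines read after a 100 Continue response`, preserves the link between the CVE and the upstream fix for anyone auditing this loop later, and also brings the comment back under a normal line length. The enclosing read loop starts and ends outside this hunk, so whether each skipped line is additionally length-bounded cannot be confirmed from here.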
@@ -103,8 +103,8 @@ Patch61: CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
 # PATCH-FIX-UPSTREAM CVE-2021-23336-only-amp-as-query-sep.patch bsc#[0-9]+ mcepl@suse.com
 # this patch makes things totally awesome
 Patch62: CVE-2021-23336-only-amp-as-query-sep.patch
-# PATCH-FIX-UPSTREAM bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
-Patch63: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+# PATCH-FIX-UPSTREAM CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
+Patch63: CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
 # PATCH-FIX-UPSTREAM CVE-2021-3733-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
 Patch64: CVE-2021-3733-fix-ReDoS-in-request.patch
 # PATCH-FIX-UPSTREAM sphinx-update-removed-function.patch bpo#35293 gh#python/cpython#22198 -- fix doc build
diff --git a/python-doc.changes b/python-doc.changes
index a5bfe82..ddbb4d4 100644
--- a/python-doc.changes
+++ b/python-doc.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Aug 26 15:35:10 UTC 2021 - Fusion Future
+
+- Renamed patch for assigned CVE:
+ * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
+ CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+ (boo#1189241, CVE-2021-3737)
+
 -------------------------------------------------------------------
 Mon Aug 23 11:16:24 UTC 2021 - Fusion Future
diff --git a/python-doc.spec b/python-doc.spec
index 3b54305..bc38a76 100644
--- a/python-doc.spec
+++ b/python-doc.spec
@@ -105,8 +105,8 @@ Patch61: CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
 # PATCH-FIX-UPSTREAM CVE-2021-23336-only-amp-as-query-sep.patch bsc#[0-9]+ mcepl@suse.com
 # this patch makes things totally awesome
 Patch62: CVE-2021-23336-only-amp-as-query-sep.patch
-# PATCH-FIX-UPSTREAM bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
-Patch63: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+# PATCH-FIX-UPSTREAM CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
+Patch63: CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
 # PATCH-FIX-UPSTREAM CVE-2021-3733-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
 Patch64: CVE-2021-3733-fix-ReDoS-in-request.patch
 # PATCH-FIX-UPSTREAM sphinx-update-removed-function.patch bpo#35293 gh#python/cpython#22198 -- fix doc build
diff --git a/python.changes b/python.changes
index a5bfe82..ddbb4d4 100644
--- a/python.changes
+++ b/python.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Thu Aug 26 15:35:10 UTC 2021 - Fusion Future
+
+- Renamed patch for assigned CVE:
+ * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
+ CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+ (boo#1189241, CVE-2021-3737)
+
 -------------------------------------------------------------------
 Mon Aug 23 11:16:24 UTC 2021 - Fusion Future
diff --git a/python.spec b/python.spec
index 2e9a6a4..4597446 100644
--- a/python.spec
+++ b/python.spec
@@ -105,8 +105,8 @@ Patch61: CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch
 # PATCH-FIX-UPSTREAM CVE-2021-23336-only-amp-as-query-sep.patch bsc#[0-9]+ mcepl@suse.com
 # this patch makes things totally awesome
 Patch62: CVE-2021-23336-only-amp-as-query-sep.patch
-# PATCH-FIX-UPSTREAM bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
-Patch63: bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
+# PATCH-FIX-UPSTREAM CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch boo#1189241 gh#python/cpython#25916
+Patch63: CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
 # PATCH-FIX-UPSTREAM CVE-2021-3733-fix-ReDoS-in-request.patch boo#1189287 gh#python/cpython#24391
 Patch64: CVE-2021-3733-fix-ReDoS-in-request.patch
 # PATCH-FIX-UPSTREAM sphinx-update-removed-function.patch bpo#35293 gh#python/cpython#22198 -- fix doc build