Accepting request 974250 from devel:languages:python

- Add patch CVE-2021-41945-copy_with-data-leak.patch: * Do not leak data in httpx.URL.copy_with (bsc#1199002, CVE-2021-41945) OBS-URL: https://build.opensuse.org/request/show/974250 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-httpx?expand=0&rev=5
2022-05-04 13:10:24 +00:00
parent 4115920af4 192aaa70ad
commit 1b0c478925
3 changed files with 1681 additions and 1 deletions
--- a/CVE-2021-41945-copy_with-data-leak.patch
+++ b/CVE-2021-41945-copy_with-data-leak.patch
--- a/python-httpx.changes
+++ b/python-httpx.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon May  2 03:01:52 UTC 2022 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Add patch CVE-2021-41945-copy_with-data-leak.patch:
+  * Do not leak data in httpx.URL.copy_with (bsc#1199002, CVE-2021-41945) 
+
 -------------------------------------------------------------------
 Fri Feb 11 19:31:34 UTC 2022 - Michael Ströder <michael@stroeder.com>

--- a/python-httpx.spec
+++ b/python-httpx.spec
@@ -33,6 +33,10 @@ Summary:        Python HTTP client with async support
 License:        BSD-3-Clause
 URL:            https://github.com/encode/httpx
 Source:         https://github.com/encode/httpx/archive/%{version}.tar.gz#/httpx-%{version}.tar.gz
+# PATCH-FIX-UPSTREAM CVE-2021-41945 gh#encode/httpx#2084 including changes
+# from gh#encode/httpx#2185
+# Don't leak data in httpx.URL.copy_with
+Patch0:         CVE-2021-41945-copy_with-data-leak.patch
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
@@ -81,7 +85,7 @@ BuildRequires:  %{python_module uvloop}
 Python HTTP client with async support.

 %prep
-%setup -q -n httpx-%{version}
+%autosetup -p1 -n httpx-%{version}
 rm setup.cfg

 %build