- Add patch CVE-2021-41945-copy_with-data-leak.patch:

* Do not leak data in httpx.URL.copy_with (bsc#1199002, CVE-2021-41945) OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-httpx?expand=0&rev=8
2022-05-02 03:02:15 +00:00 · 2022-05-02 03:02:15 +00:00 · 192aaa70ad
commit 192aaa70ad
parent 2d4674ac21
3 changed files with 1681 additions and 1 deletions
--- a/CVE-2021-41945-copy_with-data-leak.patch
+++ b/CVE-2021-41945-copy_with-data-leak.patch
--- a/python-httpx.changes
+++ b/python-httpx.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon May  2 03:01:52 UTC 2022 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Add patch CVE-2021-41945-copy_with-data-leak.patch:
+  * Do not leak data in httpx.URL.copy_with (bsc#1199002, CVE-2021-41945) 
+
 -------------------------------------------------------------------
 Fri Feb 11 19:31:34 UTC 2022 - Michael Ströder <michael@stroeder.com>

--- a/python-httpx.spec
+++ b/python-httpx.spec
@ -33,6 +33,10 @@ Summary:        Python HTTP client with async support
 License:        BSD-3-Clause
 URL:            https://github.com/encode/httpx
 Source:         https://github.com/encode/httpx/archive/%{version}.tar.gz#/httpx-%{version}.tar.gz
+# PATCH-FIX-UPSTREAM CVE-2021-41945 gh#encode/httpx#2084 including changes
+# from gh#encode/httpx#2185
+# Don't leak data in httpx.URL.copy_with
+Patch0:         CVE-2021-41945-copy_with-data-leak.patch
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
@ -81,7 +85,7 @@ BuildRequires:  %{python_module uvloop}
 Python HTTP client with async support.

 %prep
-%setup -q -n httpx-%{version}
+%autosetup -p1 -n httpx-%{version}
 rm setup.cfg

 %build