diff --git a/fix-cve-2024-35195.patch b/fix-cve-2024-35195.patch
deleted file mode 100644
index b8dc53b1fdc17892fdd02ce0981a73dd767ab182..0000000000000000000000000000000000000000
--- a/fix-cve-2024-35195.patch
+++ /dev/null
@@ -1,125 +0,0 @@
-From 73b12bb30809b0f842011b800027e31953a78f38 Mon Sep 17 00:00:00 2001
-From: root
-Date: Thu, 11 Jul 2024 15:46:51 +0800
-Subject: [PATCH] fix-cve-2024-35195
-
----
- requests/adapters.py | 58 +++++++++++++++++++++++++++++++++++++++++-
- tests/test_requests.py | 8 ++++++
- 2 files changed, 65 insertions(+), 1 deletion(-)
-
-diff --git a/requests/adapters.py b/requests/adapters.py
-index 78e3bb6..7eafebb 100644
---- a/requests/adapters.py
-+++ b/requests/adapters.py
-@@ -8,6 +8,7 @@ and maintain connections.
-
- import os.path
- import socket # noqa: F401
-+import typing
-
- from urllib3.exceptions import ClosedPoolError, ConnectTimeoutError
- from urllib3.exceptions import HTTPError as _HTTPError
-@@ -61,12 +62,38 @@ except ImportError:
- raise InvalidSchema("Missing dependencies for SOCKS support.")
-
-
-+if typing.TYPE_CHECKING:
-+ from .models import PreparedRequest
-+
-+
- DEFAULT_POOLBLOCK = False
- DEFAULT_POOLSIZE = 10
- DEFAULT_RETRIES = 0
- DEFAULT_POOL_TIMEOUT = None
-
-
-+def _urllib3_request_context(
-+ request: "PreparedRequest", verify: "bool | str | None"
-+) -> "(typing.Dict[str, typing.Any], typing.Dict[str, typing.Any])":
-+ host_params = {}
-+ pool_kwargs = {}
-+ parsed_request_url = urlparse(request.url)
-+ scheme = parsed_request_url.scheme.lower()
-+ port = parsed_request_url.port
-+ cert_reqs = "CERT_REQUIRED"
-+ if verify is False:
-+ cert_reqs = "CERT_NONE"
-+ if isinstance(verify, str):
-+ pool_kwargs["ca_certs"] = verify
-+ pool_kwargs["cert_reqs"] = cert_reqs
-+ host_params = {
-+ "scheme": scheme,
-+ "host": parsed_request_url.hostname,
-+ "port": port,
-+ }
-+ return host_params, pool_kwargs
-+
-+
- class BaseAdapter:
- """The Base Transport Adapter"""
-
-@@ -328,6 +355,35 @@ class HTTPAdapter(BaseAdapter):
-
- return response
-
-+ def _get_connection(self, request, verify, proxies=None):
-+ # Replace the existing get_connection without breaking things and
-+ # ensure that TLS settings are considered when we interact with
-+ # urllib3 HTTP Pools
-+ proxy = select_proxy(request.url, proxies)
-+ try:
-+ host_params, pool_kwargs = _urllib3_request_context(request, verify)
-+ except ValueError as e:
-+ raise InvalidURL(e, request=request)
-+ if proxy:
-+ proxy = prepend_scheme_if_needed(proxy, "http")
-+ proxy_url = parse_url(proxy)
-+ if not proxy_url.host:
-+ raise InvalidProxyURL(
-+ "Please check proxy URL. It is malformed "
-+ "and could be missing the host."
-+ )
-+ proxy_manager = self.proxy_manager_for(proxy)
-+ conn = proxy_manager.connection_from_host(
-+ **host_params, pool_kwargs=pool_kwargs
-+ )
-+ else:
-+ # Only scheme should be lower case
-+ conn = self.poolmanager.connection_from_host(
-+ **host_params, pool_kwargs=pool_kwargs
-+ )
-+
-+ return conn
-+
- def get_connection(self, url, proxies=None):
- """Returns a urllib3 connection for the given URL. This should not be
- called from user code, and is only exposed for use when subclassing the
-@@ -451,7 +507,7 @@ class HTTPAdapter(BaseAdapter):
- """
-
- try:
-- conn = self.get_connection(request.url, proxies)
-+ conn = self._get_connection(request.verify, proxies)
- except LocationValueError as e:
- raise InvalidURL(e, request=request)
-
-diff --git a/tests/test_requests.py b/tests/test_requests.py
-index b420c44..9f33cf7 100644
---- a/tests/test_requests.py
-+++ b/tests/test_requests.py
-@@ -2808,3 +2808,11 @@ class TestPreparingURLs:
- with pytest.raises(requests.exceptions.JSONDecodeError) as excinfo:
- r.json()
- assert excinfo.value.doc == r.text
-+
-+ def test_different_connection_pool_for_tls_settings(self):
-+ s = requests.Session()
-+ r1 = s.get("https://invalid.badssl.com", verify=False)
-+ assert r1.status_code == 421
-+ with pytest.raises(requests.exceptions.SSLError):
-+ s.get("https://invalid.badssl.com")
-+
---
-2.33.0
-
diff --git a/python-requests.spec b/python-requests.spec
index e36dde2a73055c120599e1742a5264891fae00a5..22c28b207239744942a2b9291b6e73359b65f98f 100644
--- a/python-requests.spec +++ b/python-requests.spec @@ -1,9 +1,9 @@ -%define anolis_release 3 +%define anolis_release 1 %bcond_with tests Name: python-requests -Version: 2.31.0 +Version: 2.32.0 Release: %{anolis_release}%{dist} Summary: HTTP library, written in Python, for human beings @@ -21,8 +21,6 @@ designed to make HTTP requests easy for developers. %package -n python%{python3_pkgversion}-requests Summary: HTTP library, written in Python, for human beings -#https://github.com/psf/requests/commit/c0813a2d910ea6b4f8438b91d315b8d181302356 -Patch1: fix-cve-2024-35195.patch %{?python_provide:%python_provide python%{python3_pkgversion}-requests} @@ -63,9 +61,6 @@ The python%{python3_pkgversion}-requests-doc package contains documentation file %prep %autosetup -p1 -n requests-%{version} -# env shebang in nonexecutable file -sed -i '/#!\/usr\/.*python/d' requests/certs.py - # Some doctests use the internet and fail to pass in Koji. Since doctests don't have names, I don't # know a way to skip them. We also don't want to patch them out, because patching them out will # change the docs. Thus, we set pytest not to run doctests at all. @@ -93,6 +88,9 @@ sed -i 's/ --doctest-modules//' pyproject.toml %doc README.md HISTORY.md %changelog +* Wed Oct 30 2024 mgb01105731 - 2.32.0-1 +- update to 2.32.0 + * Thu Jul 11 2024 yangxinyu - 2.31.0-3 - fix-cve-2024-35195 diff --git a/requests-2.31.0.tar.gz b/requests-2.31.0.tar.gz deleted file mode 100644 index b0962abc7053dcda90c1f586d00c0fc5b9eb14ab..0000000000000000000000000000000000000000 Binary files a/requests-2.31.0.tar.gz and /dev/null differ diff --git a/requests-2.32.0.tar.gz b/requests-2.32.0.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..05bcf924c7f6e7727bb2b63738572d63ce09985c Binary files /dev/null and b/requests-2.32.0.tar.gz differ