From 4686cde7f8d628ddd742e6c8aa8d1936065c3dd8 Mon Sep 17 00:00:00 2001 From: wenyuzifang Date: Wed, 20 Aug 2025 18:49:46 +0800 Subject: [PATCH] Update code from upstream --- ...ault-SSLContext-if-CA-bundle-isn-t-p.patch | 36 +++++++++++++++++++ python-requests.spec | 12 +++++-- 2 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 0001-Don-t-create-default-SSLContext-if-CA-bundle-isn-t-p.patch diff --git a/0001-Don-t-create-default-SSLContext-if-CA-bundle-isn-t-p.patch b/0001-Don-t-create-default-SSLContext-if-CA-bundle-isn-t-p.patch new file mode 100644 index 0000000..14ca3a1 --- /dev/null +++ b/0001-Don-t-create-default-SSLContext-if-CA-bundle-isn-t-p.patch @@ -0,0 +1,36 @@ +From 08e863f94fe93b4b3bd2e8267234be7a23350b1d Mon Sep 17 00:00:00 2001 +From: Adam Williamson +Date: Thu, 1 Aug 2024 12:58:38 -0700 +Subject: [PATCH] Don't create default SSLContext if CA bundle isn't present + +Similar to e18879932287c2bf4bcee4ddf6ccb8a69b6fc656 , this also +skips creation of the default SSLContext on FileNotFoundError, +which is raised if DEFAULT_CA_BUNDLE_PATH does not exist. + +See: https://bugzilla.redhat.com/show_bug.cgi?id=2297632 + +Signed-off-by: Adam Williamson +--- + src/requests/adapters.py | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/requests/adapters.py b/src/requests/adapters.py +index 9a58b160..fb151a95 100644 +--- a/src/requests/adapters.py ++++ b/src/requests/adapters.py +@@ -81,9 +81,10 @@ try: + _preloaded_ssl_context.load_verify_locations( + extract_zipped_paths(DEFAULT_CA_BUNDLE_PATH) + ) +-except ImportError: ++except (ImportError, FileNotFoundError): + # Bypass default SSLContext creation when Python +- # interpreter isn't built with the ssl module. ++ # interpreter isn't built with the ssl module, or ++ # DEFAULT_CA_BUNDLE_PATH isn't present + _preloaded_ssl_context = None + + +-- +2.45.2 + diff --git a/python-requests.spec b/python-requests.spec index c67774e..30c87bf 100644 --- a/python-requests.spec +++ b/python-requests.spec @@ -1,17 +1,19 @@ -%define anolis_release 2 +%define anolis_release 3 %bcond_with tests Name: python-requests -Version: 2.32.3 +Version: 2.32.3 Release: %{anolis_release}%{dist} Summary: HTTP library, written in Python, for human beings License: ASL 2.0 URL: https://pypi.io/project/requests Source0: https://github.com/psf/requests/releases/download/v%{version}/requests-%{version}.tar.gz +Source: https://github.com/requests/requests/archive/v2.32.3/requests-v2.32.3.tar.gz Patch1: 1-bugfix-for-CVE-2024-47081.patch +Patch2: 0001-Don-t-create-default-SSLContext-if-CA-bundle-isn-t-p.patch BuildArch: noarch %description @@ -33,6 +35,10 @@ BuildRequires: python3dist(pytest) BuildRequires: python3dist(pytest-httpbin) BuildRequires: python3dist(pytest-mock) BuildRequires: python3dist(trustme) +BuildRequires: python3dist(pytest) +BuildRequires: python3dist(pytest-httpbin) +BuildRequires: python3dist(pytest-mock) +BuildRequires: python3dist(trustme) %endif @@ -89,6 +95,8 @@ sed -i 's/ --doctest-modules//' pyproject.toml %doc README.md HISTORY.md %changelog +* Wed Aug 20 2025 wenyuzifang - 2.32.3-3 +- Apply patch to prevent crashes when the CA bundle file is missing * Thu Jul 03 2025 tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com> - 2.32.3-2 - Fix CVE-2024-47081 -- Gitee