diff --git a/python-httplib2-0.9-binary-header-python3.patch b/python-httplib2-0.9-binary-header-python3.patch new file mode 100644 index 0000000..f761e4c --- /dev/null +++ b/python-httplib2-0.9-binary-header-python3.patch @@ -0,0 +1,59 @@ +From 93ba12c7d7483af5374ba5f0e62a46ddc5e1ffe2 Mon Sep 17 00:00:00 2001 +From: i026e +Date: Wed, 17 Dec 2014 11:25:07 +0300 +Subject: [PATCH 1/2] Update __init__.py + +There is a problem with headers when a binary string is passed (like b'Authorization') +I've added a function to decode such strings. +It is not an elegant solution, but it works for me +--- + python3/httplib2/__init__.py | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/python3/httplib2/__init__.py b/python3/httplib2/__init__.py +index 43f7419..b7b00b1 100644 +--- a/python3/httplib2/__init__.py ++++ b/python3/httplib2/__init__.py +@@ -192,8 +192,13 @@ def safename(filename): + + NORMALIZE_SPACE = re.compile(r'(?:\r\n)?[ \t]+') + def _normalize_headers(headers): +- return dict([ (key.lower(), NORMALIZE_SPACE.sub(value, ' ').strip()) for (key, value) in headers.items()]) ++ return dict([ (_convert_byte_str(key).lower(), NORMALIZE_SPACE.sub(_convert_byte_str(value), ' ').strip()) for (key, value) in headers.items()]) + ++def _convert_byte_str(s): ++ if not isinstance(s, str): ++ return str(s, 'utf-8') ++ return s ++ + def _parse_cache_control(headers): + retval = {} + if 'cache-control' in headers: + +From 1cf37bd8f5ddc8ac629b07031f7c5341840b5b7e Mon Sep 17 00:00:00 2001 +From: Cristobal +Date: Mon, 2 Mar 2015 21:00:03 -0300 +Subject: [PATCH 2/2] Added unit test for _convert_byte_str in + python3/httplib2test.py. + +--- + python3/httplib2test.py | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/python3/httplib2test.py b/python3/httplib2test.py +index 5f786bd..246956a 100755 +--- a/python3/httplib2test.py ++++ b/python3/httplib2test.py +@@ -1235,6 +1235,12 @@ def testNormalizeHeaders(self): + self.assertTrue('cache-control' in h) + self.assertTrue('other' in h) + self.assertEqual('Stuff', h['other']) ++ ++ def testConvertByteStr(self): ++ with self.assertRaises(TypeError): ++ httplib2._convert_byte_str(4) ++ self.assertEqual('Hello World', httplib2._convert_byte_str(b'Hello World')) ++ self.assertEqual('Bye World', httplib2._convert_byte_str('Bye World')) + + def testExpirationModelTransparent(self): + # Test that no-cache makes our request TRANSPARENT diff --git a/python-httplib2-0.9-cve-2013-2037.patch b/python-httplib2-0.9-cve-2013-2037.patch new file mode 100644 index 0000000..6a09337 --- /dev/null +++ b/python-httplib2-0.9-cve-2013-2037.patch @@ -0,0 +1,21 @@ +diff -Nur httplib2-0.9.orig/python2/httplib2/__init__.py httplib2-0.9/python2/httplib2/__init__.py +--- httplib2-0.9.orig/python2/httplib2/__init__.py 2015-04-03 13:10:43.401035131 -0600 ++++ httplib2-0.9/python2/httplib2/__init__.py 2015-04-03 13:10:08.470685647 -0600 +@@ -1042,7 +1042,7 @@ + raise CertificateHostnameMismatch( + 'Server presented certificate that does not match ' + 'host %s: %s' % (hostname, cert), hostname, cert) +- except ssl_SSLError, e: ++ except (ssl_SSLError, CertificateHostnameMismatch), e: + if sock: + sock.close() + if self.sock: +@@ -1052,7 +1052,7 @@ + # to get at more detailed error information, in particular + # whether the error is due to certificate validation or + # something else (such as SSL protocol mismatch). +- if e.errno == ssl.SSL_ERROR_SSL: ++ if hasattr(e, 'errno') and e.errno == ssl.SSL_ERROR_SSL: + raise SSLHandshakeError(e) + else: + raise diff --git a/python-httplib2-0.9-proxy-http.patch b/python-httplib2-0.9-proxy-http.patch new file mode 100644 index 0000000..0d55002 --- /dev/null +++ b/python-httplib2-0.9-proxy-http.patch @@ -0,0 +1,16 @@ +diff -Nur httplib2-0.9.orig/python2/httplib2/__init__.py httplib2-0.9/python2/httplib2/__init__.py +--- httplib2-0.9.orig/python2/httplib2/__init__.py 2015-04-03 12:56:04.834370332 -0600 ++++ httplib2-0.9/python2/httplib2/__init__.py 2015-04-03 12:58:16.441925454 -0600 +@@ -838,7 +838,11 @@ + else: + port = dict(https=443, http=80)[method] + +- proxy_type = 3 # socks.PROXY_TYPE_HTTP ++ if method == 'http': ++ proxy_type = 4 # socks.PROXY_TYPE_HTTP_NO_TUNNEL ++ else: ++ proxy_type = 3 # socks.PROXY_TYPE_HTTP ++ + return ProxyInfo( + proxy_type = proxy_type, + proxy_host = host, diff --git a/python-httplib2.spec b/python-httplib2.spec index b0a661c..8854c62 100644 --- a/python-httplib2.spec +++ b/python-httplib2.spec @@ -10,7 +10,7 @@ Name: python-httplib2 Version: 0.9 -Release: 5%{?dist} +Release: 6%{?dist} Summary: A comprehensive HTTP client library Group: System Environment/Libraries License: MIT @@ -22,6 +22,23 @@ Source0: https://pypi.python.org/packages/source/h/httplib2/httplib2-%{ve Patch1: %{name}.certfile.patch Patch2: %{name}.getCertHost.patch Patch3: %{name}.rfc2459.patch +# +# Fix proxy with plain http +# https://bugzilla.redhat.com/show_bug.cgi?id=857514 +# https://github.com/jcgregorio/httplib2/issues/228 +# +Patch4: python-httplib2-0.9-proxy-http.patch +# +# Fix for python2 invalid ssl cert hostname on second run +# https://bugzilla.redhat.com/show_bug.cgi?id=958638 +# +Patch5: python-httplib2-0.9-cve-2013-2037.patch +# +# Fix binary header handling in python3 +# https://github.com/jcgregorio/httplib2/pull/296 +# +Patch6: python-httplib2-0.9-binary-header-python3.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: python-setuptools BuildRequires: python-devel @@ -50,6 +67,9 @@ other HTTP libraries. %patch1 -p1 -b .certfile %patch2 -p0 -b .getCertHost %patch3 -p0 -b .rfc2459 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 %if 0%{?with_python3} rm -rf %{py3dir} @@ -90,6 +110,11 @@ rm -rf $RPM_BUILD_ROOT %endif # with_python3 %changelog +* Fri Apr 03 2015 Kevin Fenzi 0.9-6 +- Add patch to fix http over proxy. Fixes bug #857514 +- Add patch to fix CVE-2013-2037. Fixes bug #958640 +- Add patch to fix binary headers in python3. Fixes bug #1205127 + * Mon Jan 12 2015 Adam Williamson - 0.9-5 - certfile.patch: use /etc/pki/tls not /etc/ssl/certs, patch python3 too