From 2ddc623a079376dc8ad24b2b5153919a8a724686 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Fri, 3 Apr 2015 13:26:39 -0600
Subject: [PATCH] - Add patch to fix http over proxy. Fixes bug #857514 - Add patch to fix CVE-2013-2037. Fixes bug #958640 - Add patch to fix binary headers in python3. Fixes bug #1205127
---
 ...n-httplib2-0.9-binary-header-python3.patch | 59 +++++++++++++++++++
 python-httplib2-0.9-cve-2013-2037.patch | 21 +++++++
 python-httplib2-0.9-proxy-http.patch | 16 +++++
 python-httplib2.spec | 27 ++++++++-
 4 files changed, 122 insertions(+), 1 deletion(-)
 create mode 100644 python-httplib2-0.9-binary-header-python3.patch
 create mode 100644 python-httplib2-0.9-cve-2013-2037.patch
 create mode 100644 python-httplib2-0.9-proxy-http.patch
diff --git a/python-httplib2-0.9-binary-header-python3.patch b/python-httplib2-0.9-binary-header-python3.patch
new file mode 100644
index 0000000..f761e4c
--- /dev/null
+++ b/python-httplib2-0.9-binary-header-python3.patch
@@ -0,0 +1,59 @@
+From 93ba12c7d7483af5374ba5f0e62a46ddc5e1ffe2 Mon Sep 17 00:00:00 2001
+From: i026e
+Date: Wed, 17 Dec 2014 11:25:07 +0300
+Subject: [PATCH 1/2] Update __init__.py
+
+There is a problem with headers when a binary string is passed (like b'Authorization')
+I've added a function to decode such strings.
+It is not an elegant solution, but it works for me
+---
+ python3/httplib2/__init__.py | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/python3/httplib2/__init__.py b/python3/httplib2/__init__.py
+index 43f7419..b7b00b1 100644
+--- a/python3/httplib2/__init__.py
++++ b/python3/httplib2/__init__.py
+@@ -192,8 +192,13 @@ def safename(filename):
+
+ NORMALIZE_SPACE = re.compile(r'(?:\r\n)?[ \t]+')
+ def _normalize_headers(headers):
+- return dict([ (key.lower(), NORMALIZE_SPACE.sub(value, ' ').strip()) for (key, value) in headers.items()])
++ return dict([ (_convert_byte_str(key).lower(), NORMALIZE_SPACE.sub(_convert_byte_str(value), ' ').strip()) for (key, value) in headers.items()])
+
++def _convert_byte_str(s):
++ if not isinstance(s, str):
++ return str(s, 'utf-8')
++ return s
++
+ def _parse_cache_control(headers):
+ retval = {}
+ if 'cache-control' in headers:
+
+From 1cf37bd8f5ddc8ac629b07031f7c5341840b5b7e Mon Sep 17 00:00:00 2001
+From: Cristobal
+Date: Mon, 2 Mar 2015 21:00:03 -0300
+Subject: [PATCH 2/2] Added unit test for _convert_byte_str in
+ python3/httplib2test.py.
+
+---
+ python3/httplib2test.py | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/python3/httplib2test.py b/python3/httplib2test.py
+index 5f786bd..246956a 100755
+--- a/python3/httplib2test.py
++++ b/python3/httplib2test.py
+@@ -1235,6 +1235,12 @@ def testNormalizeHeaders(self):
+ self.assertTrue('cache-control' in h)
+ self.assertTrue('other' in h)
+ self.assertEqual('Stuff', h['other'])
++
++ def testConvertByteStr(self):
++ with self.assertRaises(TypeError):
++ httplib2._convert_byte_str(4)
++ self.assertEqual('Hello World', httplib2._convert_byte_str(b'Hello World'))
++ self.assertEqual('Bye World', httplib2._convert_byte_str('Bye World'))
+
+ def testExpirationModelTransparent(self):
+ # Test that no-cache makes our request TRANSPARENT
diff --git a/python-httplib2-0.9-cve-2013-2037.patch b/python-httplib2-0.9-cve-2013-2037.patch
new file mode 100644
index 0000000..6a09337
--- /dev/null
+++ b/python-httplib2-0.9-cve-2013-2037.patch
@@ -0,0 +1,21 @@
+diff -Nur httplib2-0.9.orig/python2/httplib2/__init__.py httplib2-0.9/python2/httplib2/__init__.py
+--- httplib2-0.9.orig/python2/httplib2/__init__.py 2015-04-03 13:10:43.401035131 -0600
++++ httplib2-0.9/python2/httplib2/__init__.py 2015-04-03 13:10:08.470685647 -0600
+@@ -1042,7 +1042,7 @@
+ raise CertificateHostnameMismatch(
+ 'Server presented certificate that does not match '
+ 'host %s: %s' % (hostname, cert), hostname, cert)
+- except ssl_SSLError, e:
++ except (ssl_SSLError, CertificateHostnameMismatch), e:
+ if sock:
+ sock.close()
+ if self.sock:
+@@ -1052,7 +1052,7 @@
+ # to get at more detailed error information, in particular
+ # whether the error is due to certificate validation or
+ # something else (such as SSL protocol mismatch).
+- if e.errno == ssl.SSL_ERROR_SSL:
++ if hasattr(e, 'errno') and e.errno == ssl.SSL_ERROR_SSL:
+ raise SSLHandshakeError(e)
+ else:
+ raise
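Review bot: In the rewritten `_normalize_headers` line the arguments to `NORMALIZE_SPACE.sub` are still in the wrong order: a compiled pattern's `sub` takes the replacement first, so the header value is used as the replacement template for the string `' '`, folded whitespace inside the value is never collapsed, and a backslash in the value is read as a template escape. The call should read `NORMALIZE_SPACE.sub(' ', _convert_byte_str(value)).strip()`. Separately, `_convert_byte_str` decodes strictly as UTF-8, so a bytes header that is not valid UTF-8 raises `UnicodeDecodeError` from inside header normalisation. A one-line docstring stating the accepted types and the encoding, plus a test that passes a `bytes` key and value through `_normalize_headers` itself, would make that contract explicit.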
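Review bot: The CVE-2013-2037 fix is applied to `python2/httplib2/__init__.py` only, while the spec also builds the python3 tree; whether `python3/httplib2/__init__.py` has the same connect path is not visible here and should be confirmed before the CVE is treated as closed for both subpackages. In the second hunk the `hasattr(e, 'errno')` guard exists because the handler now also receives `CertificateHostnameMismatch`, which presumably carries no `errno`; a comment such as `# hostname mismatch has no errno: fall through and re-raise unchanged` would record that. The patch also adds no test for the "second run" case named in the spec comment, so nothing pins that a repeated request to a mismatching host fails again. The enclosing method starts and ends outside both hunks.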
diff --git a/python-httplib2-0.9-proxy-http.patch b/python-httplib2-0.9-proxy-http.patch
new file mode 100644
index 0000000..0d55002
--- /dev/null
+++ b/python-httplib2-0.9-proxy-http.patch
@@ -0,0 +1,16 @@
+diff -Nur httplib2-0.9.orig/python2/httplib2/__init__.py httplib2-0.9/python2/httplib2/__init__.py
+--- httplib2-0.9.orig/python2/httplib2/__init__.py 2015-04-03 12:56:04.834370332 -0600
++++ httplib2-0.9/python2/httplib2/__init__.py 2015-04-03 12:58:16.441925454 -0600
+@@ -838,7 +838,11 @@
+ else:
+ port = dict(https=443, http=80)[method]
+
+- proxy_type = 3 # socks.PROXY_TYPE_HTTP
++ if method == 'http':
++ proxy_type = 4 # socks.PROXY_TYPE_HTTP_NO_TUNNEL
++ else:
++ proxy_type = 3 # socks.PROXY_TYPE_HTTP
++
+ return ProxyInfo(
+ proxy_type = proxy_type,
+ proxy_host = host,
diff --git a/python-httplib2.spec b/python-httplib2.spec
index b0a661c..8854c62 100644
--- a/python-httplib2.spec
+++ b/python-httplib2.spec
@@ -10,7 +10,7 @@
 Name: python-httplib2
 Version: 0.9
-Release: 5%{?dist}
+Release: 6%{?dist}
 Summary: A comprehensive HTTP client library
 Group: System Environment/Libraries
 License: MIT
@@ -22,6 +22,23 @@ Source0: https://pypi.python.org/packages/source/h/httplib2/httplib2-%{ve
 Patch1: %{name}.certfile.patch
 Patch2: %{name}.getCertHost.patch
 Patch3: %{name}.rfc2459.patch
+#
+# Fix proxy with plain http
+# https://bugzilla.redhat.com/show_bug.cgi?id=857514
+# https://github.com/jcgregorio/httplib2/issues/228
+#
+Patch4: python-httplib2-0.9-proxy-http.patch
+#
+# Fix for python2 invalid ssl cert hostname on second run
+# https://bugzilla.redhat.com/show_bug.cgi?id=958638
+#
+Patch5: python-httplib2-0.9-cve-2013-2037.patch
+#
+# Fix binary header handling in python3
+# https://github.com/jcgregorio/httplib2/pull/296
+#
+Patch6: python-httplib2-0.9-binary-header-python3.patch
+
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires: python-setuptools
 BuildRequires: python-devel
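Review bot: The new branch selects the proxy type with the bare literals `4` and `3`, and only the trailing comments tie them to `socks.PROXY_TYPE_HTTP_NO_TUNNEL` and `socks.PROXY_TYPE_HTTP`. If the socks module imported at runtime does not define type 4 with that meaning, plain-http requests through the proxy will fail with nothing pointing back here. If the literals are deliberate (for instance because `socks` may be unavailable at this point, which the hunk does not show), say so in a comment: `# literal on purpose: must equal socks.PROXY_TYPE_HTTP_NO_TUNNEL`. The enclosing function begins and ends outside the hunk.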
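Review bot: The comment above `Patch5` cites `https://bugzilla.redhat.com/show_bug.cgi?id=958638`, but the commit subject and the new changelog entry say the CVE patch fixes bug #958640. The two references should agree, or the comment should list both if one is a tracker and the other its clone. The same comment describes the fix without naming CVE-2013-2037, which is what someone auditing the package will search for, e.g. `# Fix CVE-2013-2037: python2 invalid ssl cert hostname on second run`. The `Patch6` comment likewise links the upstream pull request but not bug #1205127 from the changelog.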
@@ -50,6 +67,9 @@ other HTTP libraries.
 %patch1 -p1 -b .certfile
 %patch2 -p0 -b .getCertHost
 %patch3 -p0 -b .rfc2459
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
 %if 0%{?with_python3}
 rm -rf %{py3dir}
@@ -90,6 +110,11 @@ rm -rf $RPM_BUILD_ROOT
 %endif # with_python3
 %changelog
+* Fri Apr 03 2015 Kevin Fenzi 0.9-6
+- Add patch to fix http over proxy. Fixes bug #857514
+- Add patch to fix CVE-2013-2037. Fixes bug #958640
+- Add patch to fix binary headers in python3. Fixes bug #1205127
+
 * Mon Jan 12 2015 Adam Williamson - 0.9-5
 - certfile.patch: use /etc/pki/tls not /etc/ssl/certs, patch python3 too