- Add patch to fix http over proxy. Fixes bug #857514

- Add patch to fix CVE-2013-2037. Fixes bug #958640
- Add patch to fix binary headers in python3. Fixes bug #1205127
This commit is contained in:
Kevin Fenzi 2015-04-03 13:26:39 -06:00
parent 4ec5e02d1c
commit 2ddc623a07
4 changed files with 122 additions and 1 deletions

View File

@ -0,0 +1,59 @@
From 93ba12c7d7483af5374ba5f0e62a46ddc5e1ffe2 Mon Sep 17 00:00:00 2001
From: i026e <klev.paul@gmail.com>
Date: Wed, 17 Dec 2014 11:25:07 +0300
Subject: [PATCH 1/2] Update __init__.py
There is a problem with headers when a binary string is passed (like b'Authorization')
I've added a function to decode such strings.
It is not an elegant solution, but it works for me
---
python3/httplib2/__init__.py | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/python3/httplib2/__init__.py b/python3/httplib2/__init__.py
index 43f7419..b7b00b1 100644
--- a/python3/httplib2/__init__.py
+++ b/python3/httplib2/__init__.py
@@ -192,8 +192,13 @@ def safename(filename):
NORMALIZE_SPACE = re.compile(r'(?:\r\n)?[ \t]+')
def _normalize_headers(headers):
- return dict([ (key.lower(), NORMALIZE_SPACE.sub(value, ' ').strip()) for (key, value) in headers.items()])
+ return dict([ (_convert_byte_str(key).lower(), NORMALIZE_SPACE.sub(_convert_byte_str(value), ' ').strip()) for (key, value) in headers.items()])
+def _convert_byte_str(s):
+ if not isinstance(s, str):
+ return str(s, 'utf-8')
+ return s
+
def _parse_cache_control(headers):
retval = {}
if 'cache-control' in headers:
From 1cf37bd8f5ddc8ac629b07031f7c5341840b5b7e Mon Sep 17 00:00:00 2001
From: Cristobal <cganterh@gmail.com>
Date: Mon, 2 Mar 2015 21:00:03 -0300
Subject: [PATCH 2/2] Added unit test for _convert_byte_str in
python3/httplib2test.py.
---
python3/httplib2test.py | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/python3/httplib2test.py b/python3/httplib2test.py
index 5f786bd..246956a 100755
--- a/python3/httplib2test.py
+++ b/python3/httplib2test.py
@@ -1235,6 +1235,12 @@ def testNormalizeHeaders(self):
self.assertTrue('cache-control' in h)
self.assertTrue('other' in h)
self.assertEqual('Stuff', h['other'])
+
+ def testConvertByteStr(self):
+ with self.assertRaises(TypeError):
+ httplib2._convert_byte_str(4)
+ self.assertEqual('Hello World', httplib2._convert_byte_str(b'Hello World'))
+ self.assertEqual('Bye World', httplib2._convert_byte_str('Bye World'))
def testExpirationModelTransparent(self):
# Test that no-cache makes our request TRANSPARENT

View File

@ -0,0 +1,21 @@
diff -Nur httplib2-0.9.orig/python2/httplib2/__init__.py httplib2-0.9/python2/httplib2/__init__.py
--- httplib2-0.9.orig/python2/httplib2/__init__.py 2015-04-03 13:10:43.401035131 -0600
+++ httplib2-0.9/python2/httplib2/__init__.py 2015-04-03 13:10:08.470685647 -0600
@@ -1042,7 +1042,7 @@
raise CertificateHostnameMismatch(
'Server presented certificate that does not match '
'host %s: %s' % (hostname, cert), hostname, cert)
- except ssl_SSLError, e:
+ except (ssl_SSLError, CertificateHostnameMismatch), e:
if sock:
sock.close()
if self.sock:
@@ -1052,7 +1052,7 @@
# to get at more detailed error information, in particular
# whether the error is due to certificate validation or
# something else (such as SSL protocol mismatch).
- if e.errno == ssl.SSL_ERROR_SSL:
+ if hasattr(e, 'errno') and e.errno == ssl.SSL_ERROR_SSL:
raise SSLHandshakeError(e)
else:
raise

View File

@ -0,0 +1,16 @@
diff -Nur httplib2-0.9.orig/python2/httplib2/__init__.py httplib2-0.9/python2/httplib2/__init__.py
--- httplib2-0.9.orig/python2/httplib2/__init__.py 2015-04-03 12:56:04.834370332 -0600
+++ httplib2-0.9/python2/httplib2/__init__.py 2015-04-03 12:58:16.441925454 -0600
@@ -838,7 +838,11 @@
else:
port = dict(https=443, http=80)[method]
- proxy_type = 3 # socks.PROXY_TYPE_HTTP
+ if method == 'http':
+ proxy_type = 4 # socks.PROXY_TYPE_HTTP_NO_TUNNEL
+ else:
+ proxy_type = 3 # socks.PROXY_TYPE_HTTP
+
return ProxyInfo(
proxy_type = proxy_type,
proxy_host = host,

View File

@ -10,7 +10,7 @@
Name: python-httplib2 Name: python-httplib2
Version: 0.9 Version: 0.9
Release: 5%{?dist} Release: 6%{?dist}
Summary: A comprehensive HTTP client library Summary: A comprehensive HTTP client library
Group: System Environment/Libraries Group: System Environment/Libraries
License: MIT License: MIT
@ -22,6 +22,23 @@ Source0: https://pypi.python.org/packages/source/h/httplib2/httplib2-%{ve
Patch1: %{name}.certfile.patch Patch1: %{name}.certfile.patch
Patch2: %{name}.getCertHost.patch Patch2: %{name}.getCertHost.patch
Patch3: %{name}.rfc2459.patch Patch3: %{name}.rfc2459.patch
#
# Fix proxy with plain http
# https://bugzilla.redhat.com/show_bug.cgi?id=857514
# https://github.com/jcgregorio/httplib2/issues/228
#
Patch4: python-httplib2-0.9-proxy-http.patch
#
# Fix for python2 invalid ssl cert hostname on second run
# https://bugzilla.redhat.com/show_bug.cgi?id=958638
#
Patch5: python-httplib2-0.9-cve-2013-2037.patch
#
# Fix binary header handling in python3
# https://github.com/jcgregorio/httplib2/pull/296
#
Patch6: python-httplib2-0.9-binary-header-python3.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: python-setuptools BuildRequires: python-setuptools
BuildRequires: python-devel BuildRequires: python-devel
@ -50,6 +67,9 @@ other HTTP libraries.
%patch1 -p1 -b .certfile %patch1 -p1 -b .certfile
%patch2 -p0 -b .getCertHost %patch2 -p0 -b .getCertHost
%patch3 -p0 -b .rfc2459 %patch3 -p0 -b .rfc2459
%patch4 -p1
%patch5 -p1
%patch6 -p1
%if 0%{?with_python3} %if 0%{?with_python3}
rm -rf %{py3dir} rm -rf %{py3dir}
@ -90,6 +110,11 @@ rm -rf $RPM_BUILD_ROOT
%endif # with_python3 %endif # with_python3
%changelog %changelog
* Fri Apr 03 2015 Kevin Fenzi <kevin@scrye.com> 0.9-6
- Add patch to fix http over proxy. Fixes bug #857514
- Add patch to fix CVE-2013-2037. Fixes bug #958640
- Add patch to fix binary headers in python3. Fixes bug #1205127
* Mon Jan 12 2015 Adam Williamson <awilliam@redhat.com> - 0.9-5 * Mon Jan 12 2015 Adam Williamson <awilliam@redhat.com> - 0.9-5
- certfile.patch: use /etc/pki/tls not /etc/ssl/certs, patch python3 too - certfile.patch: use /etc/pki/tls not /etc/ssl/certs, patch python3 too