rpms/python-pymongo
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to 3.4.0 (#1400227).

Browse Source 
Also,
* Use new install macros.
* Drop unneeded BuildRequires on python-nose.
* pymongo now requires bson by arch as it should.
This commit is contained in:
Randy Barlow 2016-12-18 23:21:47 -05:00
parent a47d21f435
commit a3432e7460
6 changed files with 71 additions and 212 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -8,3 +8,4 @@
/3.2.1.tar.gz
/3.2.2.tar.gz
/3.3.0.tar.gz
/3.4.0.tar.gz

41
0001-Serverless-test-suite-workaround.patch
View File

@ -1,41 +0,0 @@
From bc392400e5d53c8f65b7adb1bc1dd2e88a4d510b Mon Sep 17 00:00:00 2001
From: Haikel Guemar <hguemar@fedoraproject.org>
Date: Thu, 1 Oct 2015 11:26:44 +0200
Subject: [PATCH 1/2] Serverless test suite workaround
---
test/__init__.py | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/test/__init__.py b/test/__init__.py
index 62e6bdf..d06120d 100644
--- a/test/__init__.py
+++ b/test/__init__.py
@@ -366,12 +366,6 @@ def setup():
def teardown():
c = client_context.client
- c.drop_database("pymongo-pooling-tests")
- c.drop_database("pymongo_test")
- c.drop_database("pymongo_test1")
- c.drop_database("pymongo_test2")
- c.drop_database("pymongo_test_mike")
- c.drop_database("pymongo_test_bernie")
if client_context.auth_enabled and not client_context.user_provided:
c.admin.remove_user(db_user)
@@ -386,8 +380,10 @@ class PymongoTestRunner(unittest.TextTestRunner):
return result
-def test_cases(suite):
+def test_cases(suite=None):
"""Iterator over all TestCases within a TestSuite."""
+ if suite is None:
+ return
for suite_or_case in suite._tests:
if isinstance(suite_or_case, unittest.TestCase):
# unittest.TestCase
--
2.5.0

50
0001-Use-ssl.match_hostname-from-the-Python-stdlib.patch Normal file
View File

@ -0,0 +1,50 @@
From 2ceb8396c6bb3c5ef486a971f2a091f8d702fc15 Mon Sep 17 00:00:00 2001
From: Randy Barlow <randy@electronsweatshop.com>
Date: Sun, 18 Dec 2016 17:37:39 -0500
Subject: [PATCH] Use ssl_match_hostname from Python's stdlib.
The patch removes the usage of the bundled ssl.match_hostname library as it was
vulnerable to CVE-2013-7440 and CVE-2013-2099, and wasn't needed
anyway since Fedora >= 22 has the needed module in the Python
standard library. It adjusts imports so that they exclusively
use the code from Python.
Fixes CVE-2013-2099 and CVE-2013-7440.
---
pymongo/errors.py | 5 +----
pymongo/pool.py | 3 +--
2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/pymongo/errors.py b/pymongo/errors.py
index fb4c9e48..e8e6350b 100644
--- a/pymongo/errors.py
+++ b/pymongo/errors.py
@@ -16,10 +16,7 @@
from bson.errors import *
-try:
- from ssl import CertificateError
-except ImportError:
- from pymongo.ssl_match_hostname import CertificateError
+from ssl import CertificateError
class PyMongoError(Exception):
diff --git a/pymongo/pool.py b/pymongo/pool.py
index d6c5b773..5ca82c2d 100644
--- a/pymongo/pool.py
+++ b/pymongo/pool.py
@@ -49,8 +49,7 @@ from pymongo.network import (command,
from pymongo.read_concern import DEFAULT_READ_CONCERN
from pymongo.read_preferences import ReadPreference
from pymongo.server_type import SERVER_TYPE
-# Always use our backport so we always have support for IP address matching
-from pymongo.ssl_match_hostname import match_hostname, CertificateError
+from ssl import match_hostname, CertificateError
# For SNI support. According to RFC6066, section 3, IPv4 and IPv6 literals are
# not permitted for SNI hostname.
--
2.11.0

159
0002-Use-ssl.match_hostname-from-the-Python-stdlib.patch
View File

@ -1,159 +0,0 @@
From e6adec8cae7c4a7840fb012c6479856caaf18aba Mon Sep 17 00:00:00 2001
From: Randy Barlow <bowlofeggs@electronsweatshop.com>
Date: Fri, 15 Jul 2016 10:12:16 -0400
Subject: [PATCH] Use ssl.match_hostname from the Python stdlib.
This patch removes the bundled ssl.match_hostname library as it was
vulnerable to CVE-2013-7440 and CVE-2013-2099, and wasn't needed
anyway since Fedora >= 22 has the needed module in the Python
standard library. It also adjusts imports so that they exclusively
use the code from Python.
---
pymongo/errors.py | 5 +--
pymongo/pool.py | 6 +--
pymongo/ssl_match_hostname.py | 100 ------------------------------------------
3 files changed, 2 insertions(+), 109 deletions(-)
delete mode 100644 pymongo/ssl_match_hostname.py
diff --git a/pymongo/errors.py b/pymongo/errors.py
index fb4c9e4..e8e6350 100644
--- a/pymongo/errors.py
+++ b/pymongo/errors.py
@@ -16,10 +16,7 @@
from bson.errors import *
-try:
- from ssl import CertificateError
-except ImportError:
- from pymongo.ssl_match_hostname import CertificateError
+from ssl import CertificateError
class PyMongoError(Exception):
diff --git a/pymongo/pool.py b/pymongo/pool.py
index 6e9cc75..41bef83 100644
--- a/pymongo/pool.py
+++ b/pymongo/pool.py
@@ -44,11 +44,7 @@ from pymongo.server_type import SERVER_TYPE
# main thread, to avoid the deadlock. See PYTHON-607.
u'foo'.encode('idna')
-try:
- from ssl import match_hostname, CertificateError
-except ImportError:
- # These don't require the ssl module
- from pymongo.ssl_match_hostname import match_hostname, CertificateError
+from ssl import match_hostname, CertificateError
def _raise_connection_failure(address, error):
diff --git a/pymongo/ssl_match_hostname.py b/pymongo/ssl_match_hostname.py
deleted file mode 100644
index f74df15..0000000
--- a/pymongo/ssl_match_hostname.py
+++ /dev/null
@@ -1,100 +0,0 @@
-# Backport of the match_hostname logic introduced in python 3.2
-# http://hg.python.org/releasing/3.3.5/file/993955b807b3/Lib/ssl.py
-
-import re
-
-
-class CertificateError(ValueError):
- pass
-
-
-def _dnsname_match(dn, hostname, max_wildcards=1):
- """Matching according to RFC 6125, section 6.4.3
-
- http://tools.ietf.org/html/rfc6125#section-6.4.3
- """
- pats = []
- if not dn:
- return False
-
- parts = dn.split(r'.')
- leftmost = parts[0]
- remainder = parts[1:]
-
- wildcards = leftmost.count('*')
- if wildcards > max_wildcards:
- # Issue #17980: avoid denials of service by refusing more
- # than one wildcard per fragment. A survey of established
- # policy among SSL implementations showed it to be a
- # reasonable choice.
- raise CertificateError(
- "too many wildcards in certificate DNS name: " + repr(dn))
-
- # speed up common case w/o wildcards
- if not wildcards:
- return dn.lower() == hostname.lower()
-
- # RFC 6125, section 6.4.3, subitem 1.
- # The client SHOULD NOT attempt to match a presented identifier in which
- # the wildcard character comprises a label other than the left-most label.
- if leftmost == '*':
- # When '*' is a fragment by itself, it matches a non-empty dotless
- # fragment.
- pats.append('[^.]+')
- elif leftmost.startswith('xn--') or hostname.startswith('xn--'):
- # RFC 6125, section 6.4.3, subitem 3.
- # The client SHOULD NOT attempt to match a presented identifier
- # where the wildcard character is embedded within an A-label or
- # U-label of an internationalized domain name.
- pats.append(re.escape(leftmost))
- else:
- # Otherwise, '*' matches any dotless string, e.g. www*
- pats.append(re.escape(leftmost).replace(r'\*', '[^.]*'))
-
- # add the remaining fragments, ignore any wildcards
- for frag in remainder:
- pats.append(re.escape(frag))
-
- pat = re.compile(r'\A' + r'\.'.join(pats) + r'\Z', re.IGNORECASE)
- return pat.match(hostname)
-
-
-def match_hostname(cert, hostname):
- """Verify that *cert* (in decoded format as returned by
- SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125
- rules are followed, but IP addresses are not accepted for *hostname*.
-
- CertificateError is raised on failure. On success, the function
- returns nothing.
- """
- if not cert:
- raise ValueError("empty or no certificate")
- dnsnames = []
- san = cert.get('subjectAltName', ())
- for key, value in san:
- if key == 'DNS':
- if _dnsname_match(value, hostname):
- return
- dnsnames.append(value)
- if not dnsnames:
- # The subject is only checked when there is no dNSName entry
- # in subjectAltName
- for sub in cert.get('subject', ()):
- for key, value in sub:
- # XXX according to RFC 2818, the most specific Common Name
- # must be used.
- if key == 'commonName':
- if _dnsname_match(value, hostname):
- return
- dnsnames.append(value)
- if len(dnsnames) > 1:
- raise CertificateError("hostname %r "
- "doesn't match either of %s"
- % (hostname, ', '.join(map(repr, dnsnames))))
- elif len(dnsnames) == 1:
- raise CertificateError("hostname %r "
- "doesn't match %r"
- % (hostname, dnsnames[0]))
- else:
- raise CertificateError("no appropriate commonName or "
- "subjectAltName fields were found")
--
2.9.0

30
python-pymongo.spec
View File

@ -5,19 +5,18 @@
}
Name: python-pymongo
Version: 3.3.0
Release: 6%{?dist}
Version: 3.4.0
Release: 1%{?dist}
# All code is ASL 2.0 except bson/time64*.{c,h} which is MIT
License: ASL 2.0 and MIT
Summary: Python driver for MongoDB
URL: http://api.mongodb.org/python
Source0: https://github.com/mongodb/mongo-python-driver/archive/%{version}.tar.gz
Patch01: 0001-Serverless-test-suite-workaround.patch
# This patch removes the bundled ssl.match_hostname library as it was vulnerable to CVE-2013-7440
# and CVE-2013-2099, and wasn't needed anyway since Fedora >= 22 has the needed module in the Python
# standard library. It also adjusts imports so that they exclusively use the code from Python.
Patch02: 0002-Use-ssl.match_hostname-from-the-Python-stdlib.patch
Patch01: 0001-Use-ssl.match_hostname-from-the-Python-stdlib.patch
%ifnarch armv7hl ppc64 s390 s390x
# These are needed for tests, and the tests don't work on armv7hl.
@ -26,7 +25,6 @@ BuildRequires: mongodb-server
BuildRequires: net-tools
BuildRequires: procps-ng
%endif
BuildRequires: python-nose
BuildRequires: python-tools
BuildRequires: python2-devel
BuildRequires: python2-setuptools
@ -74,7 +72,7 @@ contains the python3 version of this module.
%package -n python2-pymongo
Summary: Python driver for MongoDB
Requires: python2-bson = %{version}-%{release}
Requires: python2-bson%{?_isa} = %{version}-%{release}
Provides: pymongo = %{version}-%{release}
Obsoletes: pymongo <= 2.1.1-4
%{?python_provide:%python_provide python2-pymongo}
@ -87,7 +85,7 @@ this module.
%package -n python3-pymongo
Summary: Python driver for MongoDB
Requires: python3-bson = %{version}-%{release}
Requires: python3-bson%{?_isa} = %{version}-%{release}
%{?python_provide:%python_provide python3-pymongo}
@ -121,8 +119,12 @@ contains the python3 version of this module.
%prep
%setup -q -n mongo-python-driver-%{version}
%patch01 -p1 -b .test
%patch02 -p1 -b .ssl
%patch01 -p1 -b .ssl
# Remove the bundled ssl.match_hostname library as it was vulnerable to CVE-2013-7440
# and CVE-2013-2099, and isn't needed anyway since Fedora >= 22 has the needed module in the Python
# standard library.
rm pymongo/ssl_match_hostname.py
rm -rf %{py3dir}
cp -a . %{py3dir}
@ -141,13 +143,13 @@ popd
%install
%{__python2} setup.py install --skip-build --root $RPM_BUILD_ROOT
%py2_install
# Fix permissions
chmod 755 %{buildroot}%{python2_sitearch}/bson/*.so
chmod 755 %{buildroot}%{python2_sitearch}/pymongo/*.so
pushd %{py3dir}
%{__python3} setup.py install --skip-build --root $RPM_BUILD_ROOT
%py3_install
# Fix permissions
chmod 755 %{buildroot}%{python3_sitearch}/bson/*.so
chmod 755 %{buildroot}%{python3_sitearch}/pymongo/*.so
@ -222,6 +224,12 @@ pkill mongod
%changelog
* Sun Dec 18 2016 Randy Barlow <bowlofeggs@fedoraproject.org> - 3.4.0-1
- Update to 3.4.0 (#1400227).
- Use new install macros.
- Drop unneeded BuildRequires on python-nose.
- pymongo now requires bson by arch as it should.
* Fri Dec 09 2016 Charalampos Stratakis <cstratak@redhat.com> - 3.3.0-6
- Rebuild for Python 3.6

2
sources
View File

@ -1 +1 @@
1de42b3e27ff20406c23fae2b99d1afa 3.3.0.tar.gz
SHA512 (3.4.0.tar.gz) = 0a8c86ec6f1821fe405ca28a645103c85b5256dd76a201dfeb89bca0c90eb911139f584d784936add7f355f1b80ad6689b2c76dedd162b49496542402b55ccdf