Backport #3713 (fixes #1397149)

Signed-off-by: Jeremy Cline <jeremy@jcline.org>
2016-11-23 09:56:28 -05:00 · 2016-11-23 09:56:28 -05:00 · 8c50084912
commit 8c50084912
parent 6ce5e5ce2d
2 changed files with 44 additions and 1 deletions
--- a/0001-Restrict-URL-preparation-to-HTTP-HTTPS.patch
+++ b/0001-Restrict-URL-preparation-to-HTTP-HTTPS.patch
@ -0,0 +1,35 @@
+From 35d7b9264b5ae2c9b327d63464ec299b3d4bda2c Mon Sep 17 00:00:00 2001
+From: Christian Heimes <christian@python.org>
+Date: Mon, 21 Nov 2016 18:00:24 +0100
+Subject: [PATCH] Restrict URL preparation to HTTP/HTTPS
+
+Requests treats all URLs starting with the string 'http' as HTTP URLs.
+Preparation with IDNA breaks non-standard URIs like http+unix. Requests
+now prepares only URLs with prefix http:// and https://.
+
+Signed-off-by: Christian Heimes <christian@python.org>
+Signed-off-by: Jeremy Cline <jeremy@jcline.org>
+---
+ requests/models.py     |  6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/requests/models.py b/requests/models.py
+index a4bd41b..ca9e6fe 100644
+--- a/requests/models.py
+++ b/requests/models.py
+@@ -344,9 +344,9 @@ class PreparedRequest(RequestEncodingMixin, RequestHooksMixin):
+             url = unicode(url) if is_py2 else str(url)
+ 
+         # Don't do any URL preparation for non-HTTP schemes like `mailto`,
+-        # `data` etc to work around exceptions from `url_parse`, which
+-        # handles RFC 3986 only.
+-        if ':' in url and not url.lower().startswith('http'):
+        # `data`, `http+unix` etc to work around exceptions from `url_parse`,
+        # which handles RFC 3986 only.
+        if ':' in url and not url.lower().startswith(('http://', 'https://')):
+             self.url = url
+             return
+
+-- 
+2.9.3
+
--- a/python-requests.spec
+++ b/python-requests.spec
@ -11,7 +11,7 @@

 Name:           python-requests
 Version:        2.12.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        HTTP library, written in Python, for human beings

 License:        ASL 2.0
@ -32,6 +32,10 @@ Patch1:         python-requests-remove-nested-bundling-dep.patch
 # - https://github.com/kennethreitz/requests/issues/2816
 Patch2:         python-requests-urllib3-at-%{urllib3_unbundled_version}.patch

+# Backport of https://github.com/kennethreitz/requests/pull/3713
+# This patch should be removed after the 2.12.2 or 2.13 release.
+Patch3:         0001-Restrict-URL-preparation-to-HTTP-HTTPS.patch
+
 BuildArch:      noarch

 %description
@ -90,6 +94,7 @@ designed to make HTTP requests easy for developers.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1

 # Unbundle the certificate bundle from mozilla.
 rm -rf requests/cacert.pem
@ -175,6 +180,9 @@ popd
 %endif

 %changelog
+* Wed Nov 23 2016 Jeremy Cline <jeremy@jcline.org> - 2.12.1-2
+- Backport #3713. Fixes #1397149
+
 * Thu Nov 17 2016 Jeremy Cline <jeremy@jcline.org> - 2.12.1-1
 - Update to 2.12.1. Fixes #1395469
 - Unbundle idna, a new upstream dependency