import python-requests-2.20.0-3.module+el8.2.0+4577+feefd9b8
This commit is contained in:
parent
c22fae3b72
commit
f2718082ef
|
@ -0,0 +1,67 @@
|
|||
diff --git a/requests/sessions.py b/requests/sessions.py
|
||||
index a448bd8..d73d700 100644
|
||||
--- a/requests/sessions.py
|
||||
+++ b/requests/sessions.py
|
||||
@@ -19,7 +19,7 @@ from .cookies import (
|
||||
from .models import Request, PreparedRequest, DEFAULT_REDIRECT_LIMIT
|
||||
from .hooks import default_hooks, dispatch_hook
|
||||
from ._internal_utils import to_native_string
|
||||
-from .utils import to_key_val_list, default_headers
|
||||
+from .utils import to_key_val_list, default_headers, DEFAULT_PORTS
|
||||
from .exceptions import (
|
||||
TooManyRedirects, InvalidSchema, ChunkedEncodingError, ContentDecodingError)
|
||||
|
||||
@@ -128,8 +128,17 @@ class SessionRedirectMixin(object):
|
||||
if (old_parsed.scheme == 'http' and old_parsed.port in (80, None)
|
||||
and new_parsed.scheme == 'https' and new_parsed.port in (443, None)):
|
||||
return False
|
||||
+
|
||||
+ # Handle default port usage corresponding to scheme.
|
||||
+ changed_port = old_parsed.port != new_parsed.port
|
||||
+ changed_scheme = old_parsed.scheme != new_parsed.scheme
|
||||
+ default_port = (DEFAULT_PORTS.get(old_parsed.scheme, None), None)
|
||||
+ if (not changed_scheme and old_parsed.port in default_port
|
||||
+ and new_parsed.port in default_port):
|
||||
+ return False
|
||||
+
|
||||
# Standard case: root URI must match
|
||||
- return old_parsed.port != new_parsed.port or old_parsed.scheme != new_parsed.scheme
|
||||
+ return changed_port or changed_scheme
|
||||
|
||||
def resolve_redirects(self, resp, req, stream=False, timeout=None,
|
||||
verify=True, cert=None, proxies=None, yield_requests=False, **adapter_kwargs):
|
||||
diff --git a/requests/utils.py b/requests/utils.py
|
||||
index 0ce7fe1..04145c8 100644
|
||||
--- a/requests/utils.py
|
||||
+++ b/requests/utils.py
|
||||
@@ -38,6 +38,8 @@ NETRC_FILES = ('.netrc', '_netrc')
|
||||
|
||||
DEFAULT_CA_BUNDLE_PATH = certs.where()
|
||||
|
||||
+DEFAULT_PORTS = {'http': 80, 'https': 443}
|
||||
+
|
||||
|
||||
if sys.platform == 'win32':
|
||||
# provide a proxy_bypass version on Windows without DNS lookups
|
||||
diff --git a/tests/test_requests.py b/tests/test_requests.py
|
||||
index f46561e..f99fdaf 100644
|
||||
--- a/tests/test_requests.py
|
||||
+++ b/tests/test_requests.py
|
||||
@@ -1611,6 +1611,17 @@ class TestRequests:
|
||||
s = requests.Session()
|
||||
assert s.should_strip_auth('http://example.com:1234/foo', 'https://example.com:4321/bar')
|
||||
|
||||
+ @pytest.mark.parametrize(
|
||||
+ 'old_uri, new_uri', (
|
||||
+ ('https://example.com:443/foo', 'https://example.com/bar'),
|
||||
+ ('http://example.com:80/foo', 'http://example.com/bar'),
|
||||
+ ('https://example.com/foo', 'https://example.com:443/bar'),
|
||||
+ ('http://example.com/foo', 'http://example.com:80/bar')
|
||||
+ ))
|
||||
+ def test_should_strip_auth_default_port(self, old_uri, new_uri):
|
||||
+ s = requests.Session()
|
||||
+ assert not s.should_strip_auth(old_uri, new_uri)
|
||||
+
|
||||
def test_manual_redirect_with_partial_body_read(self, httpbin):
|
||||
s = requests.Session()
|
||||
r1 = s.get(httpbin('redirect/2'), allow_redirects=False, stream=True)
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
Name: python-requests
|
||||
Version: 2.20.0
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Summary: HTTP library, written in Python, for human beings
|
||||
|
||||
License: ASL 2.0
|
||||
|
@ -31,6 +31,12 @@ Patch4: Don-t-inject-pyopenssl-into-urllib3.patch
|
|||
# build-time package tests
|
||||
Patch5: Skip-all-tests-needing-httpbin.patch
|
||||
|
||||
# Properly handle default ports when stripping the authorization header.
|
||||
# This fixes a regression introduced with fixing CVE-2018-18074.
|
||||
# Fixed upstream: https://github.com/psf/requests/pull/4851
|
||||
# Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1762422
|
||||
Patch6: properly-handle-default-ports-in-auth-stripping.patch
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
%description
|
||||
|
@ -142,6 +148,10 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} %{__python3} -m pytest -v
|
|||
|
||||
|
||||
%changelog
|
||||
* Fri Nov 1 2019 Charalampos Stratakis <cstratak@redhat.com> - 2.20.0-3
|
||||
- Properly handle default ports when stripping the authorization header
|
||||
Resolves: rhbz#1762422
|
||||
|
||||
* Thu Apr 25 2019 Tomas Orsava <torsava@redhat.com> - 2.20.0-2
|
||||
- Bumping due to problems with modular RPM upgrade path
|
||||
- Resolves: rhbz#1695587
|
||||
|
|
Loading…
Reference in New Issue