Update to v2.20.0

This fixes CVE-2018-18074.
2018-10-29 13:49:15 -04:00 · 2018-10-29 13:49:15 -04:00 · ffc9beb883
commit ffc9beb883
parent a2a25ac328
5 changed files with 15 additions and 47 deletions
--- a/.gitignore
+++ b/.gitignore
@ -39,3 +39,4 @@
 /requests-v2.18.4.tar.gz
 /requests-v2.19.0.tar.gz
 /requests-v2.19.1.tar.gz
+/requests-v2.20.0.tar.gz
--- a/dont-import-OrderedDict-from-urllib3.patch
+++ b/dont-import-OrderedDict-from-urllib3.patch
@ -1,28 +0,0 @@
-From 152550287d6538e5cc7649bcf685a5a0b35058dd Mon Sep 17 00:00:00 2001
-From: Jeremy Cline <jcline@redhat.com>
-Date: Tue, 12 Jun 2018 14:06:00 -0400
-Subject: [PATCH] Don't import OrderedDict from urllib3
-
-We unbundle urllib3, just use collections (py2.7+)
-
-Signed-off-by: Jeremy Cline <jcline@redhat.com>
---
- requests/compat.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/requests/compat.py b/requests/compat.py
-index 6b9c6fac..6ba6e460 100644
--- a/requests/compat.py
-+++ b/requests/compat.py
-@@ -45,7 +45,7 @@ if is_py2:
-     from StringIO import StringIO
-     from collections import Callable, Mapping, MutableMapping
- 
-    from urllib3.packages.ordered_dict import OrderedDict
-+    from collections import OrderedDict  # py2.7+
- 
-     builtin_str = str
-     bytes = str
-- 
-2.17.1
-
--- a/patch-requests-certs.py-to-use-the-system-CA-bundle.patch
+++ b/patch-requests-certs.py-to-use-the-system-CA-bundle.patch
@ -1,4 +1,4 @@
-From fd9ab446d8479360d2c1c8252508d97d58ed3e0e Mon Sep 17 00:00:00 2001
+From a8ef690988f92a56226f8b688f1a3638346bca8e Mon Sep 17 00:00:00 2001
 From: Jeremy Cline <jeremy@jcline.org>
 Date: Mon, 19 Jun 2017 16:09:02 -0400
 Subject: [PATCH] Patch requests/certs.py to use the system CA bundle
@ -10,7 +10,7 @@ Signed-off-by: Jeremy Cline <jeremy@jcline.org>
 2 files changed, 10 insertions(+), 2 deletions(-)

 diff --git a/requests/certs.py b/requests/certs.py
-index d1a378d..7b103ba 100644
+index d1a378d7..7b103baf 100644
 --- a/requests/certs.py
 +++ b/requests/certs.py
@@ -11,8 +11,17 @@ only one — the one from the certifi package.
@ -33,17 +33,17 @@ index d1a378d..7b103ba 100644
 if __name__ == '__main__':
     print(where())
 diff --git a/setup.py b/setup.py
-index 93a8507..2db9569 100755
+index 4e2ad936..60de5861 100755
 --- a/setup.py
 +++ b/setup.py
@@ -45,7 +45,6 @@ requires = [
     'chardet>=3.0.2,<3.1.0',
     'idna>=2.5,<2.8',
-     'urllib3>=1.21.1,<1.24',
+     'urllib3>=1.21.1,<1.25',
 -    'certifi>=2017.4.17'
 
 ]
- test_requirements = ['pytest-httpbin==0.0.7', 'pytest-cov', 'pytest-mock', 'pytest-xdist', 'PySocks>=1.5.6, !=1.5.7', 'pytest>=2.8.0']
+ test_requirements = [
 -- 
-2.9.4
+2.19.1

--- a/python-requests.spec
+++ b/python-requests.spec
@ -9,8 +9,8 @@


 Name:           python-requests
-Version:        2.19.1
-Release:        3%{?dist}
+Version:        2.20.0
+Release:        1%{?dist}
 Summary:        HTTP library, written in Python, for human beings

 License:        ASL 2.0
@ -20,14 +20,6 @@ Source0:        https://github.com/requests/requests/archive/v%{version}/request
 # https://bugzilla.redhat.com/show_bug.cgi?id=904614
 Patch0:         patch-requests-certs.py-to-use-the-system-CA-bundle.patch

-# Remove an unnecessary reference to a bundled compat lib in urllib3
-# Some discussion with upstream:
-# - https://twitter.com/sigmavirus24/status/529816751651819520
-# - https://github.com/kennethreitz/requests/issues/1811
-# - https://github.com/kennethreitz/requests/pull/1812
-Patch1:         dont-import-OrderedDict-from-urllib3.patch
-
-
 # https://bugzilla.redhat.com/show_bug.cgi?id=1450608
 Patch2:         Remove-tests-that-use-the-tarpit.patch

@ -135,18 +127,21 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} %{__python3} -m pytest -v

 %files -n python2-requests
 %license LICENSE
-%doc README.rst HISTORY.rst
+%doc README.md HISTORY.md
 %{python2_sitelib}/*.egg-info
 %{python2_sitelib}/requests/

 %files -n python%{python3_pkgversion}-requests
 %license LICENSE
-%doc README.rst HISTORY.rst
+%doc README.md HISTORY.md
 %{python3_sitelib}/*.egg-info
 %{python3_sitelib}/requests/


 %changelog
+* Mon Oct 29 2018 Jeremy Cline <jeremy@jcline.org> - 2.20.0-1
+- Update to v2.20.0
+
 * Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.19.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (requests-v2.19.1.tar.gz) = 00adbbe63c88117fce25e4e2de4ddfb62f87276d627f97aaf8bc4afbf59a921cac57b87f51a0d99167b42d311fe8ca9723b2c5d3a9e04fb0ee318bf90fd9d4ed
+SHA512 (requests-v2.20.0.tar.gz) = 766c69d1778e7286232fcd750842e89cd9bb6637076e80fe95fb67f3ccb14049bf74a533de91ef9451ac6f397ad0a6d148eb444009f501178138cdeffc5ee7c4