import UBI python-requests-2.32.3-2.el10

.gitignore

@@ -1 +1 @@
-SOURCES/requests-v2.20.0.tar.gz
+requests-v2.32.3.tar.gz

.python-requests.metadata

@@ -1 +0,0 @@
-2c0728fc3aca17419b2b574341a0b019e117d4f5 SOURCES/requests-v2.20.0.tar.gz

SOURCES/Don-t-inject-pyopenssl-into-urllib3.patch

@@ -1,38 +0,0 @@
-From 86b1fa39fdebdb7bc57131c1a198d4d18e104f95 Mon Sep 17 00:00:00 2001
-From: Jeremy Cline <jeremy@jcline.org>
-Date: Mon, 16 Apr 2018 10:35:35 -0400
-Subject: [PATCH] Don't inject pyopenssl into urllib3
-
-Fedora ships sufficiently new versions of Python 2 and 3 to make this
-unnecessary (rhbz 1567862)
-
-Signed-off-by: Jeremy Cline <jeremy@jcline.org>
----
- requests/__init__.py | 7 -------
- 1 file changed, 7 deletions(-)
-
-diff --git a/requests/__init__.py b/requests/__init__.py
-index a5b3c9c3..e312d314 100644
---- a/requests/__init__.py
-+++ b/requests/__init__.py
-@@ -90,17 +90,6 @@ except (AssertionError, ValueError):
-                   "version!".format(urllib3.__version__, chardet.__version__),
-                   RequestsDependencyWarning)
- 
--# Attempt to enable urllib3's SNI support, if possible
--try:
--    from urllib3.contrib import pyopenssl
--    pyopenssl.inject_into_urllib3()
--
--    # Check cryptography version
--    from cryptography import __version__ as cryptography_version
--    _check_cryptography(cryptography_version)
--except ImportError:
--    pass
--
- # urllib3's DependencyWarnings should be silenced.
- from urllib3.exceptions import DependencyWarning
- warnings.simplefilter('ignore', DependencyWarning)
--- 
-2.17.0
-

SOURCES/Remove-tests-that-use-the-tarpit.patch

@@ -1,55 +0,0 @@
-From 524cd22fb77e69db9bb3f017bbb1d9782c37b0cd Mon Sep 17 00:00:00 2001
-From: Jeremy Cline <jeremy@jcline.org>
-Date: Tue, 13 Jun 2017 09:08:09 -0400
-Subject: [PATCH] Remove tests that use the tarpit
-
-The latest version of Mock has started using systemd containers. The
-systemd-nspawn command is being run with --private-network, which
-immediately kills connections to something other than localhost. These
-tests depend on the connection not being killed immediately and that
-they are never responded to.
-
-Signed-off-by: Jeremy Cline <jeremy@jcline.org>
----
- tests/test_requests.py | 25 -------------------------
- 1 file changed, 25 deletions(-)
-
-diff --git a/tests/test_requests.py b/tests/test_requests.py
-index b8350cb..46b7e9e 100755
---- a/tests/test_requests.py
-+++ b/tests/test_requests.py
-@@ -2049,31 +2049,6 @@ class TestTimeout:
-         except ReadTimeout:
-             pass
- 
--    @pytest.mark.parametrize(
--        'timeout', (
--            (0.1, None),
--            Urllib3Timeout(connect=0.1, read=None)
--        ))
--    def test_connect_timeout(self, timeout):
--        try:
--            requests.get(TARPIT, timeout=timeout)
--            pytest.fail('The connect() request should time out.')
--        except ConnectTimeout as e:
--            assert isinstance(e, ConnectionError)
--            assert isinstance(e, Timeout)
--
--    @pytest.mark.parametrize(
--        'timeout', (
--            (0.1, 0.1),
--            Urllib3Timeout(connect=0.1, read=0.1)
--        ))
--    def test_total_timeout_connect(self, timeout):
--        try:
--            requests.get(TARPIT, timeout=timeout)
--            pytest.fail('The connect() request should time out.')
--        except ConnectTimeout:
--            pass
--
-     def test_encoded_methods(self, httpbin):
-         """See: https://github.com/requests/requests/issues/2316"""
-         r = requests.request(b'GET', httpbin('get'))
--- 
-2.9.4
-

SOURCES/Skip-all-tests-needing-httpbin.patch

@@ -1,33 +0,0 @@
-From 650da6c0267ba711d9d02d2bba8d79540437055f Mon Sep 17 00:00:00 2001
-From: Tomas Orsava <torsava@redhat.com>
-Date: Wed, 13 Jun 2018 15:44:42 +0200
-Subject: [PATCH] Skip all tests needing httpbin
-
-httpbin has too many dependencies to be shipped in RHEL just for
-build-time package tests
----
- tests/conftest.py | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/tests/conftest.py b/tests/conftest.py
-index cd64a76..6cdc95a 100644
---- a/tests/conftest.py
-+++ b/tests/conftest.py
-@@ -15,10 +15,12 @@ def prepare_url(value):
- 
- 
- @pytest.fixture
--def httpbin(httpbin):
-+def httpbin():
-+    pytest.skip()
-     return prepare_url(httpbin)
- 
- 
- @pytest.fixture
--def httpbin_secure(httpbin_secure):
-+def httpbin_secure():
-+    pytest.skip()
-     return prepare_url(httpbin_secure)
--- 
-2.14.4
-

SOURCES/patch-requests-certs.py-to-use-the-system-CA-bundle.patch

@@ -1,49 +0,0 @@
-From a8ef690988f92a56226f8b688f1a3638346bca8e Mon Sep 17 00:00:00 2001
-From: Jeremy Cline <jeremy@jcline.org>
-Date: Mon, 19 Jun 2017 16:09:02 -0400
-Subject: [PATCH] Patch requests/certs.py to use the system CA bundle
-
-Signed-off-by: Jeremy Cline <jeremy@jcline.org>
----
- requests/certs.py | 11 ++++++++++-
- setup.py          |  1 -
- 2 files changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/requests/certs.py b/requests/certs.py
-index d1a378d7..7b103baf 100644
---- a/requests/certs.py
-+++ b/requests/certs.py
-@@ -11,8 +11,17 @@ only one — the one from the certifi package.
- If you are packaging Requests, e.g., for a Linux distribution or a managed
- environment, you can change the definition of where() to return a separately
- packaged CA bundle.
-+
-+This Fedora-patched package returns "/etc/pki/tls/certs/ca-bundle.crt" provided
-+by the ca-certificates RPM package.
- """
--from certifi import where
-+try:
-+    from certifi import where
-+except ImportError:
-+    def where():
-+        """Return the absolute path to the system CA bundle."""
-+        return '/etc/pki/tls/certs/ca-bundle.crt'
-+
- 
- if __name__ == '__main__':
-     print(where())
-diff --git a/setup.py b/setup.py
-index 4e2ad936..60de5861 100755
---- a/setup.py
-+++ b/setup.py
-@@ -45,7 +45,6 @@ requires = [
-     'chardet>=3.0.2,<3.1.0',
-     'idna>=2.5,<2.8',
-     'urllib3>=1.21.1,<1.25',
--    'certifi>=2017.4.17'
- 
- ]
- test_requirements = [
--- 
-2.19.1
-

SOURCES/properly-handle-default-ports-in-auth-stripping.patch

@@ -1,67 +0,0 @@
-diff --git a/requests/sessions.py b/requests/sessions.py
-index a448bd8..d73d700 100644
---- a/requests/sessions.py
-+++ b/requests/sessions.py
-@@ -19,7 +19,7 @@ from .cookies import (
- from .models import Request, PreparedRequest, DEFAULT_REDIRECT_LIMIT
- from .hooks import default_hooks, dispatch_hook
- from ._internal_utils import to_native_string
--from .utils import to_key_val_list, default_headers
-+from .utils import to_key_val_list, default_headers, DEFAULT_PORTS
- from .exceptions import (
-     TooManyRedirects, InvalidSchema, ChunkedEncodingError, ContentDecodingError)
- 
-@@ -128,8 +128,17 @@ class SessionRedirectMixin(object):
-         if (old_parsed.scheme == 'http' and old_parsed.port in (80, None)
-                 and new_parsed.scheme == 'https' and new_parsed.port in (443, None)):
-             return False
-+
-+        # Handle default port usage corresponding to scheme.
-+        changed_port = old_parsed.port != new_parsed.port
-+        changed_scheme = old_parsed.scheme != new_parsed.scheme
-+        default_port = (DEFAULT_PORTS.get(old_parsed.scheme, None), None)
-+        if (not changed_scheme and old_parsed.port in default_port
-+                and new_parsed.port in default_port):
-+            return False
-+
-         # Standard case: root URI must match
--        return old_parsed.port != new_parsed.port or old_parsed.scheme != new_parsed.scheme
-+        return changed_port or changed_scheme
- 
-     def resolve_redirects(self, resp, req, stream=False, timeout=None,
-                           verify=True, cert=None, proxies=None, yield_requests=False, **adapter_kwargs):
-diff --git a/requests/utils.py b/requests/utils.py
-index 0ce7fe1..04145c8 100644
---- a/requests/utils.py
-+++ b/requests/utils.py
-@@ -38,6 +38,8 @@ NETRC_FILES = ('.netrc', '_netrc')
- 
- DEFAULT_CA_BUNDLE_PATH = certs.where()
- 
-+DEFAULT_PORTS = {'http': 80, 'https': 443}
-+
- 
- if sys.platform == 'win32':
-     # provide a proxy_bypass version on Windows without DNS lookups
-diff --git a/tests/test_requests.py b/tests/test_requests.py
-index f46561e..f99fdaf 100644
---- a/tests/test_requests.py
-+++ b/tests/test_requests.py
-@@ -1611,6 +1611,17 @@ class TestRequests:
-         s = requests.Session()
-         assert s.should_strip_auth('http://example.com:1234/foo', 'https://example.com:4321/bar')
- 
-+    @pytest.mark.parametrize(
-+        'old_uri, new_uri', (
-+            ('https://example.com:443/foo', 'https://example.com/bar'),
-+            ('http://example.com:80/foo', 'http://example.com/bar'),
-+            ('https://example.com/foo', 'https://example.com:443/bar'),
-+            ('http://example.com/foo', 'http://example.com:80/bar')
-+        ))
-+    def test_should_strip_auth_default_port(self, old_uri, new_uri):
-+        s = requests.Session()
-+        assert not s.should_strip_auth(old_uri, new_uri)
-+
-     def test_manual_redirect_with_partial_body_read(self, httpbin):
-         s = requests.Session()
-         r1 = s.get(httpbin('redirect/2'), allow_redirects=False, stream=True)

SOURCES/requests-2.12.4-tests_nonet.patch

@@ -1,11 +0,0 @@
---- requests-2.12.4/tests/testserver/server.py	2016-12-21 11:31:56.000000000 -0800
-+++ requests-2.12.4/tests/testserver/server.py.new	2016-12-30 10:40:06.085995065 -0800
-@@ -27,7 +27,7 @@
-     """Dummy server using for unit testing"""
-     WAIT_EVENT_TIMEOUT = 5
- 
--    def __init__(self, handler=None, host='localhost', port=0, requests_to_handle=1, wait_to_close_event=None):
-+    def __init__(self, handler=None, host='127.0.0.1', port=0, requests_to_handle=1, wait_to_close_event=None):
-         super(Server, self).__init__()
- 
-         self.handler = handler or consume_socket_content

python-requests.spec

@@ -1,43 +1,37 @@
-%bcond_without tests
+# When bootstrapping Python, we cannot test this yet
-%bcond_without python3
+# RHEL does not include the test dependencies
+%bcond tests    %{undefined rhel}
+# The extras are disabled on RHEL to avoid pysocks and deprecated requests[security]
+%bcond extras   %{undefined rhel}
 
 Name:           python-requests
-Version:        2.20.0
+Version:        2.32.3
-Release:        3%{?dist}
+Release:        2%{?dist}
 Summary:        HTTP library, written in Python, for human beings
 
-License:        ASL 2.0
+License:        Apache-2.0
 URL:            https://pypi.io/project/requests
-Source0:        https://github.com/requests/requests/archive/v%{version}/requests-v%{version}.tar.gz
+Source:         https://github.com/requests/requests/archive/v%{version}/requests-v%{version}.tar.gz
+
 # Explicitly use the system certificates in ca-certificates.
 # https://bugzilla.redhat.com/show_bug.cgi?id=904614
-Patch0:         patch-requests-certs.py-to-use-the-system-CA-bundle.patch
+Patch:          system-certs.patch
 
-# https://bugzilla.redhat.com/show_bug.cgi?id=1450608
+# Add support for IPv6 CIDR in no_proxy setting
-Patch2:         Remove-tests-that-use-the-tarpit.patch
+# This functionality is needed in Openshift and it has been
-
+# proposed for upstream in 2021 but the PR unfortunately stalled.
-# Use 127.0.0.1 not localhost for socket.bind() in the Server test
+# Upstream PR: https://github.com/psf/requests/pull/5953
-# class, to fix tests in Koji's no-network environment
+# This change is backported also into RHEL 9.4 (via CS)
-# This probably isn't really upstreamable, because I guess localhost
+Patch:          support_IPv6_CIDR_in_no_proxy.patch
-# could technically be IPv6 or something, and our no-network env is
-# a pretty odd one so this is a niche requirement.
-Patch3:         requests-2.12.4-tests_nonet.patch
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=1567862
-Patch4:         Don-t-inject-pyopenssl-into-urllib3.patch
-
-# Skip all tests needing httpbin
-#   httpbin has too many dependencies to be shipped in RHEL just for
-#   build-time package tests
-Patch5:         Skip-all-tests-needing-httpbin.patch
-
-# Properly handle default ports when stripping the authorization header.
-# This fixes a regression introduced with fixing CVE-2018-18074.
-# Fixed upstream: https://github.com/psf/requests/pull/4851
-# Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1762422
-Patch6:         properly-handle-default-ports-in-auth-stripping.patch
 
 BuildArch:      noarch
+BuildRequires:  python%{python3_pkgversion}-devel
+%if %{with tests}
+BuildRequires:  python3dist(pytest)
+BuildRequires:  python3dist(pytest-httpbin)
+BuildRequires:  python3dist(pytest-mock)
+BuildRequires:  python3dist(trustme)
+%endif
 
 %description
 Most existing Python modules for sending HTTP requests are extremely verbose and
@@ -45,54 +39,9 @@ cumbersome. Python’s built-in urllib2 module provides most of the HTTP
 capabilities you should need, but the API is thoroughly broken. This library is
 designed to make HTTP requests easy for developers.
 
-%package -n python2-requests
-Summary: HTTP library, written in Python, for human beings
-%{?python_provide:%python_provide python2-requests}
 
-BuildRequires:  python2-devel
-BuildRequires:  python2-chardet
-BuildRequires:  python2-urllib3
-BuildRequires:  python2-idna
-%if %{with tests}
-BuildRequires:  python2-pytest
-BuildRequires:  python2-pytest-mock
-%endif
-
-
-Requires:       ca-certificates
-Requires:       python2-chardet
-Requires:       python2-urllib3
-Requires:       python2-idna
-
-%if 0%{?rhel} && 0%{?rhel} <= 6
-BuildRequires:  python-ordereddict
-Requires:       python-ordereddict
-%endif
-
-%description -n python2-requests
-Most existing Python modules for sending HTTP requests are extremely verbose and
-cumbersome. Python’s built-in urllib2 module provides most of the HTTP
-capabilities you should need, but the API is thoroughly broken. This library is
-designed to make HTTP requests easy for developers.
-
-%if %{with python3}
 %package -n python%{python3_pkgversion}-requests
-Summary: HTTP library, written in Python, for human beings
+Summary:        %{summary}
-
-%{?python_provide:%python_provide python%{python3_pkgversion}-requests}
-
-BuildRequires:  python%{python3_pkgversion}-devel
-BuildRequires:  python%{python3_pkgversion}-chardet
-BuildRequires:  python%{python3_pkgversion}-urllib3
-BuildRequires:  python%{python3_pkgversion}-idna
-%if %{with tests}
-BuildRequires:  python%{python3_pkgversion}-pytest
-BuildRequires:  python%{python3_pkgversion}-pytest-mock
-%endif
-
-Requires:       python%{python3_pkgversion}-chardet
-Requires:       python%{python3_pkgversion}-urllib3
-Requires:       python%{python3_pkgversion}-idna
 
 %description -n python%{python3_pkgversion}-requests
 Most existing Python modules for sending HTTP requests are extremely verbose and
@@ -100,89 +49,242 @@ cumbersome. Python’s built-in urllib2 module provides most of the HTTP
 capabilities you should need, but the API is thoroughly broken. This library is
 designed to make HTTP requests easy for developers.
 
+
+%if %{with extras}
+%pyproject_extras_subpkg -n python%{python3_pkgversion}-requests security socks
 %endif
 
+
+%generate_buildrequires
+%pyproject_buildrequires %{?with_extras:-x security,socks}
+
+
 %prep
 %autosetup -p1 -n requests-%{version}
 
-# Unbundle the certificate bundle from mozilla.
-rm -rf requests/cacert.pem
-
 # env shebang in nonexecutable file
-sed -i '/#!\/usr\/.*python/d' requests/certs.py
+sed -i '/#!\/usr\/.*python/d' src/requests/certs.py
+
+# Some doctests use the internet and fail to pass in Koji. Since doctests don't have names, I don't
+# know a way to skip them. We also don't want to patch them out, because patching them out will
+# change the docs. Thus, we set pytest not to run doctests at all.
+sed -i 's/ --doctest-modules//' pyproject.toml
+
 
 %build
-%py2_build
+%pyproject_wheel
-%if %{with python3}
+
-%py3_build
-%endif
 
 %install
-%py2_install
+%pyproject_install
-%if %{with python3}
+%pyproject_save_files requests
-%py3_install
+
-%endif
 
-%if %{with tests}
 %check
-PYTHONPATH=%{buildroot}%{python2_sitelib} %{__python2} -m pytest -v
+%pyproject_check_import
-%if %{with python3}
+%if %{with tests}
-PYTHONPATH=%{buildroot}%{python3_sitelib} %{__python3} -m pytest -v
+# test_unicode_header_name - reported: https://github.com/psf/requests/issues/6734
+# test_use_proxy_from_environment needs pysocks
+%pytest -v tests -k "not test_unicode_header_name %{!?with_extras:and not test_use_proxy_from_environment}"
 %endif
-%endif # tests
 
 
-%files -n python2-requests
+%files -n python%{python3_pkgversion}-requests -f %{pyproject_files}
 %license LICENSE
 %doc README.md HISTORY.md
-%{python2_sitelib}/*.egg-info
-%{python2_sitelib}/requests/
-
-%if %{with python3}
-%files -n python%{python3_pkgversion}-requests
-%license LICENSE
-%doc README.md HISTORY.md
-%{python3_sitelib}/*.egg-info
-%{python3_sitelib}/requests/
-%endif
 
 
 %changelog
-* Fri Nov 1 2019 Charalampos Stratakis <cstratak@redhat.com> - 2.20.0-3
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.32.3-2
-- Properly handle default ports when stripping the authorization header
+- Bump release for October 2024 mass rebuild:
-Resolves: rhbz#1762422
+  Resolves: RHEL-64018
 
-* Thu Apr 25 2019 Tomas Orsava <torsava@redhat.com> - 2.20.0-2
+* Wed Jun 26 2024 Lumír Balhar <lbalhar@redhat.com> - 2.32.3-1
-- Bumping due to problems with modular RPM upgrade path
+- Update to 2.32.3
-- Resolves: rhbz#1695587
+- Fix for CVE-2024-35195
+Resolves: RHEL-37604
+- Add support for IPv6 CIDR in no_proxy setting
+Resolves: RHEL-32523
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.31.0-4
+- Bump release for June 2024 mass rebuild
+
+* Fri Jan 26 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.31.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.31.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Oct 16 2023 Tomáš Hrnčiar <thrnciar@redhat.com> - 2.31.0-1
+- Update to 2.31.0
+- Fixes: rhbz#2189970
+
+* Tue Oct 10 2023 Miro Hrončok <mhroncok@redhat.com> - 2.28.2-7
+- Do not package requests[security] and requests[socks] on RHEL
+- Make the package build even when urllib3 won't pull in pysocks
+
+* Tue Aug 08 2023 Karolina Surma <ksurma@redhat.com> - 2.28.2-6
+- Declare the license as an SPDX expression
+
+* Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.28.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Sat Jul 01 2023 Python Maint <python-maint@redhat.com> - 2.28.2-4
+- Rebuilt for Python 3.12
+
+* Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 2.28.2-3
+- Bootstrap for Python 3.12
+
+* Tue May 23 2023 Miro Hrončok <mhroncok@redhat.com> - 2.28.2-2
+- Security fix for CVE-2023-32681
+- https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q
+
+* Wed Feb 01 2023 Lumír Balhar <lbalhar@redhat.com> - 2.28.2-1
+- Update to 2.28.2 (rhbz#2160527)
+
+* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.28.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Tue Sep 13 2022 Kevin Fenzi <kevin@scrye.com> - 2.28.1-3
+- Enable all tests and drop no longer needed test patch.
+
+* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.28.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Tue Jul 12 2022 Adam Williamson <awilliam@redhat.com> - 2.28.1-1
+- Update to 2.28.1, rediff patches
+
+* Mon Jun 20 2022 Lumír Balhar <lbalhar@redhat.com> - 2.27.1-5
+- Allow charset_normalizer 2.1.0 and newer up to 3.0.0
+
+* Tue Jun 14 2022 Python Maint <python-maint@redhat.com> - 2.27.1-4
+- Rebuilt for Python 3.11
+
+* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 2.27.1-3
+- Bootstrap for Python 3.11
+
+* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.27.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Sat Jan 08 2022 Kevin Fenzi <kevin@scrye.com> - 2.27.1-1
+- Update to 2.27.1. Fixes rhbz#2037431
+
+* Tue Jan 04 2022 Adam Williamson <awilliam@redhat.com> - 2.27.0-1
+- Update to 2.27.0
+- Re-enable test_https_warnings as it works with pytest-httpbin 1.0.0 now
+- Re-enable test_pyopenssl_redirect, it seems to work too
+
+* Sun Jul 25 2021 Lumír Balhar <lbalhar@redhat.com> - 2.26.0-1
+- Update to 2.26.0
+Resolves: rhbz#1981856
+
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.25.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 2.25.1-3
+- Rebuilt for Python 3.10
+
+* Wed Jun 02 2021 Python Maint <python-maint@redhat.com> - 2.25.1-2
+- Bootstrap for Python 3.10
+
+* Tue Feb 02 2021 Kevin Fenzi <kevin@scrye.com> - 2.25.1-1
+- Update 2.25.1. Fix is rhbz#1908487
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.25.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Nov 25 2020 Petr Viktorin <pviktori@redhat.com> - 2.25.0-1
+- Update to 2.25.0
+
+* Fri Nov 13 2020 Miro Hrončok <mhroncok@redhat.com> - 2.24.0-5
+- Don't BR pytest-cov
+
+* Fri Sep 18 2020 Petr Viktorin <pviktori@redhat.com> - 2.24.0-4
+- Port to pyproject macros
+
+* Fri Sep 18 2020 Miro Hrončok <mhroncok@redhat.com> - 2.24.0-3
+- Build with pytest 6, older version is no longer required
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.24.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Fri Jul 10 2020 Miro Hrončok <mhroncok@redhat.com> - 2.24.0-1
+- Update to 2.24.0
+- Resolves rhbz#1848104
+
+* Fri Jul 10 2020 Miro Hrončok <mhroncok@redhat.com> - 2.23.0-5
+- Add requests[security] and requests[socks] subpackages
+
+* Sat May 30 2020 Miro Hrončok <mhroncok@redhat.com> - 2.23.0-4
+- Test with pytest 4, drop manual requires
+
+* Mon May 25 2020 Miro Hrončok <mhroncok@redhat.com> - 2.23.0-3
+- Rebuilt for Python 3.9
+
+* Fri May 22 2020 Miro Hrončok <mhroncok@redhat.com> - 2.23.0-2
+- Bootstrap for Python 3.9
+
+* Fri Feb 21 2020 Randy Barlow <bowlofeggs@fedoraproject.org> - 2.23.0-1
+- Update to 2.23.0 (#1804863).
+- https://requests.readthedocs.io/en/latest/community/updates/
+
+* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.22.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Tue Oct 22 2019 Charalampos Stratakis <cstratak@redhat.com> - 2.22.0-7
+- Remove the python2 subpackage (rhbz#1761787)
+
+* Wed Sep 18 2019 Petr Viktorin <pviktori@redhat.com> - 2.22.0-6
+- Python 2: Remove tests and test dependencies
+
+* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 2.22.0-5
+- Rebuilt for Python 3.8
+
+* Thu Aug 15 2019 Miro Hrončok <mhroncok@redhat.com> - 2.22.0-4
+- Bootstrap for Python 3.8
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.22.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Tue Jun 11 2019 Yatin Karel <ykarel@redhat.com> - 2.22.0-2
+- Add minimum requirement for chardet and urllib3
+
+* Thu May 23 2019 Jeremy Cline <jcline@redhat.com> - 2.22.0-1
+- Update to v2.22.0
+
+* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.21.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Thu Dec 13 2018 Jeremy Cline <jeremy@jcline.org> - 2.21.0-1
+- Update to v2.21.0
+- Don't rely on certifi being patched properly to use the system CA bundle
+
+* Mon Nov 26 2018 Miro Hrončok <mhroncok@redhat.com> - 2.20.0-2
+- No pytest-httpbin for Python 2
 
 * Mon Oct 29 2018 Jeremy Cline <jeremy@jcline.org> - 2.20.0-1
-- Update to v2.20.0 for CVE-2018-18074.
+- Update to v2.20.0
 
-* Tue Jul 31 2018 Lumír Balhar <lbalhar@redhat.com> - 2.19.1-5
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.19.1-3
-- Make possible to disable python3 subpackage
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
-* Mon Jul 16 2018 Lumír Balhar <lbalhar@redhat.com> - 2.19.1-4
+* Mon Jun 18 2018 Miro Hrončok <mhroncok@redhat.com> - 2.19.1-2
-- First version for python27 module
+- Rebuilt for Python 3.7
 
-* Thu Jun 21 2018 Lumír Balhar <lbalhar@redhat.com> - 2.19.1-3
+* Thu Jun 14 2018 Jeremy Cline <jeremy@jcline.org> - 2.19.1-1
-- Allow build with Python 2
-
-* Tue Jun 19 2018 Charalampos Stratakis <cstratak@redhat.com> - 2.19.1-2
-- Remove the python-pytest-cov dependency
-
-* Tue Jun 19 2018 Jeremy Cline <jeremy@jcline.org> - 2.19.1-1
 - Update to v2.19.1 (rhbz 1591531)
 
-* Tue Jun 19 2018 Jeremy Cline <jeremy@jcline.org> - 2.19.0-1
+* Thu Jun 14 2018 Miro Hrončok <mhroncok@redhat.com> - 2.19.0-2
+- Bootstrap for Python 3.7
+
+* Tue Jun 12 2018 Jeremy Cline <jeremy@jcline.org> - 2.19.0-1
 - Update to v2.19.0 (rhbz 1590508)
 
-* Wed Jun 13 2018 Tomas Orsava <torsava@redhat.com> - 2.18.4-6
+* Fri Jun 08 2018 Jeremy Cline <jeremy@jcline.org> - 2.18.4-6
-- Skip all tests needing httpbin: httpbin has too many dependencies to be
+- Don't print runtime warning about urllib3 v1.23 (rhbz 1589306)
-  shipped in RHEL just for build-time package tests
 
-* Tue Jun 12 2018 Tomas Orsava <torsava@redhat.com> - 2.18.4-5
+* Tue Jun 05 2018 Jeremy Cline <jeremy@jcline.org> - 2.18.4-5
-- BR idna, or the tests fail to start
+- Allow urllib3 v1.23 (rhbz 1586311)
 
 * Mon Apr 16 2018 Jeremy Cline <jeremy@jcline.org> - 2.18.4-4
 - Stop injecting PyOpenSSL (rhbz 1567862)

sources

@@ -0,0 +1 @@
+SHA512 (requests-v2.32.3.tar.gz) = ea3e85e035efed0fe22bf8640491ffb20c2ac50359bb1e11c9147ed850cac5e4a6a36ab58a48fc6c6d6a44df2b511e8a5d902444c034da6baa6adc5f9417697f

support_IPv6_CIDR_in_no_proxy.patch

@@ -0,0 +1,277 @@
+From 91526670ad66e83e799459cb23b031b88bb680b4 Mon Sep 17 00:00:00 2001
+From: Derek Higgins <derekh@redhat.com>
+Date: Thu, 30 May 2024 11:15:18 +0200
+Subject: [PATCH 2/2] Add ipv6 support to should_bypass_proxies
+
+Add support to should_bypass_proxies to support
+IPv6 ipaddresses and CIDRs in no_proxy. Includes
+adding IPv6 support to various other helper functions.
+
+Co-authored-by: Lumir Balhar <lbalhar@redhat.com>
+---
+ src/requests/utils.py | 83 ++++++++++++++++++++++++++++++++++++-------
+ tests/test_utils.py   | 66 +++++++++++++++++++++++++++++++---
+ 2 files changed, 132 insertions(+), 17 deletions(-)
+
+diff --git a/src/requests/utils.py b/src/requests/utils.py
+index ae6c42f..0363698 100644
+--- a/src/requests/utils.py
++++ b/src/requests/utils.py
+@@ -679,18 +679,46 @@ def requote_uri(uri):
+         return quote(uri, safe=safe_without_percent)
+ 
+ 
++def _get_mask_bits(mask, totalbits=32):
++    """Converts a mask from /xx format to a int
++    to be used as a mask for IP's in int format
++
++    Example: if mask is 24 function returns 0xFFFFFF00
++             if mask is 24 and totalbits=128 function
++                returns 0xFFFFFF00000000000000000000000000
++
++    :rtype: int
++    """
++    bits = ((1 << mask) - 1) << (totalbits - mask)
++    return bits
++
++
+ def address_in_network(ip, net):
+     """This function allows you to check if an IP belongs to a network subnet
+ 
+     Example: returns True if ip = 192.168.1.1 and net = 192.168.1.0/24
+              returns False if ip = 192.168.1.1 and net = 192.168.100.0/24
++             returns True if ip = 1:2:3:4::1 and net = 1:2:3:4::/64
+ 
+     :rtype: bool
+     """
+-    ipaddr = struct.unpack("=L", socket.inet_aton(ip))[0]
+     netaddr, bits = net.split("/")
+-    netmask = struct.unpack("=L", socket.inet_aton(dotted_netmask(int(bits))))[0]
+-    network = struct.unpack("=L", socket.inet_aton(netaddr))[0] & netmask
++    if is_ipv4_address(ip) and is_ipv4_address(netaddr):
++        ipaddr = struct.unpack(">L", socket.inet_aton(ip))[0]
++        netmask = _get_mask_bits(int(bits))
++        network = struct.unpack(">L", socket.inet_aton(netaddr))[0]
++    elif is_ipv6_address(ip) and is_ipv6_address(netaddr):
++        ipaddr_msb, ipaddr_lsb = struct.unpack(
++            ">QQ", socket.inet_pton(socket.AF_INET6, ip)
++        )
++        ipaddr = (ipaddr_msb << 64) ^ ipaddr_lsb
++        netmask = _get_mask_bits(int(bits), 128)
++        network_msb, network_lsb = struct.unpack(
++            ">QQ", socket.inet_pton(socket.AF_INET6, netaddr)
++        )
++        network = (network_msb << 64) ^ network_lsb
++    else:
++        return False
+     return (ipaddr & netmask) == (network & netmask)
+ 
+ 
+@@ -710,12 +738,39 @@ def is_ipv4_address(string_ip):
+     :rtype: bool
+     """
+     try:
+-        socket.inet_aton(string_ip)
++        socket.inet_pton(socket.AF_INET, string_ip)
++    except OSError:
++        return False
++    return True
++
++
++def is_ipv6_address(string_ip):
++    """
++    :rtype: bool
++    """
++    try:
++        socket.inet_pton(socket.AF_INET6, string_ip)
+     except OSError:
+         return False
+     return True
+ 
+ 
++def compare_ips(a, b):
++    """
++    Compare 2 IP's, uses socket.inet_pton to normalize IPv6 IPs
++
++    :rtype: bool
++    """
++    if a == b:
++        return True
++    try:
++        return socket.inet_pton(socket.AF_INET6, a) == socket.inet_pton(
++            socket.AF_INET6, b
++        )
++    except OSError:
++        return False
++
++
+ def is_valid_cidr(string_network):
+     """
+     Very simple check of the cidr format in no_proxy variable.
+@@ -723,17 +778,19 @@ def is_valid_cidr(string_network):
+     :rtype: bool
+     """
+     if string_network.count("/") == 1:
++        address, mask = string_network.split("/")
+         try:
+-            mask = int(string_network.split("/")[1])
++            mask = int(mask)
+         except ValueError:
+             return False
+ 
+-        if mask < 1 or mask > 32:
+-            return False
+-
+-        try:
+-            socket.inet_aton(string_network.split("/")[0])
+-        except OSError:
++        if is_ipv4_address(address):
++            if mask < 1 or mask > 32:
++                return False
++        elif is_ipv6_address(address):
++            if mask < 1 or mask > 128:
++                return False
++        else:
+             return False
+     else:
+         return False
+@@ -790,12 +847,12 @@ def should_bypass_proxies(url, no_proxy):
+         # the end of the hostname, both with and without the port.
+         no_proxy = (host for host in no_proxy.replace(" ", "").split(",") if host)
+ 
+-        if is_ipv4_address(parsed.hostname):
++        if is_ipv4_address(parsed.hostname) or is_ipv6_address(parsed.hostname):
+             for proxy_ip in no_proxy:
+                 if is_valid_cidr(proxy_ip):
+                     if address_in_network(parsed.hostname, proxy_ip):
+                         return True
+-                elif parsed.hostname == proxy_ip:
++                elif compare_ips(parsed.hostname, proxy_ip):
+                     # If no_proxy ip was defined in plain IP notation instead of cidr notation &
+                     # matches the IP of the index
+                     return True
+diff --git a/tests/test_utils.py b/tests/test_utils.py
+index 5e9b56e..befbb46 100644
+--- a/tests/test_utils.py
++++ b/tests/test_utils.py
+@@ -14,9 +14,11 @@ from requests._internal_utils import unicode_is_ascii
+ from requests.cookies import RequestsCookieJar
+ from requests.structures import CaseInsensitiveDict
+ from requests.utils import (
++    _get_mask_bits,
+     _parse_content_type_header,
+     add_dict_to_cookiejar,
+     address_in_network,
++    compare_ips,
+     dotted_netmask,
+     extract_zipped_paths,
+     get_auth_from_url,
+@@ -263,8 +265,15 @@ class TestIsIPv4Address:
+ 
+ 
+ class TestIsValidCIDR:
+-    def test_valid(self):
+-        assert is_valid_cidr("192.168.1.0/24")
++    @pytest.mark.parametrize(
++        "value",
++        (
++            "192.168.1.0/24",
++            "1:2:3:4::/64",
++        ),
++    )
++    def test_valid(self, value):
++        assert is_valid_cidr(value)
+ 
+     @pytest.mark.parametrize(
+         "value",
+@@ -274,6 +283,11 @@ class TestIsValidCIDR:
+             "192.168.1.0/128",
+             "192.168.1.0/-1",
+             "192.168.1.999/24",
++            "1:2:3:4::1",
++            "1:2:3:4::/a",
++            "1:2:3:4::0/321",
++            "1:2:3:4::/-1",
++            "1:2:3:4::12211/64",
+         ),
+     )
+     def test_invalid(self, value):
+@@ -287,6 +301,12 @@ class TestAddressInNetwork:
+     def test_invalid(self):
+         assert not address_in_network("172.16.0.1", "192.168.1.0/24")
+ 
++    def test_valid_v6(self):
++        assert address_in_network("1:2:3:4::1111", "1:2:3:4::/64")
++
++    def test_invalid_v6(self):
++        assert not address_in_network("1:2:3:4:1111", "1:2:3:4::/124")
++
+ 
+ class TestGuessFilename:
+     @pytest.mark.parametrize(
+@@ -722,6 +742,11 @@ def test_urldefragauth(url, expected):
+         ("http://172.16.1.12:5000/", False),
+         ("http://google.com:5000/v1.0/", False),
+         ("file:///some/path/on/disk", True),
++        ("http://[1:2:3:4:5:6:7:8]:5000/", True),
++        ("http://[1:2:3:4::1]/", True),
++        ("http://[1:2:3:9::1]/", True),
++        ("http://[1:2:3:9:0:0:0:1]/", True),
++        ("http://[1:2:3:9::2]/", False),
+     ),
+ )
+ def test_should_bypass_proxies(url, expected, monkeypatch):
+@@ -730,11 +755,11 @@ def test_should_bypass_proxies(url, expected, monkeypatch):
+     """
+     monkeypatch.setenv(
+         "no_proxy",
+-        "192.168.0.0/24,127.0.0.1,localhost.localdomain,172.16.1.1, google.com:6000",
++        "192.168.0.0/24,127.0.0.1,localhost.localdomain,1:2:3:4::/64,1:2:3:9::1,172.16.1.1, google.com:6000",
+     )
+     monkeypatch.setenv(
+         "NO_PROXY",
+-        "192.168.0.0/24,127.0.0.1,localhost.localdomain,172.16.1.1, google.com:6000",
++        "192.168.0.0/24,127.0.0.1,localhost.localdomain,1:2:3:4::/64,1:2:3:9::1,172.16.1.1, google.com:6000",
+     )
+     assert should_bypass_proxies(url, no_proxy=None) == expected
+ 
+@@ -956,3 +981,36 @@ def test_should_bypass_proxies_win_registry_ProxyOverride_value(monkeypatch):
+     monkeypatch.setattr(winreg, "OpenKey", OpenKey)
+     monkeypatch.setattr(winreg, "QueryValueEx", QueryValueEx)
+     assert should_bypass_proxies("http://example.com/", None) is False
++
++
++@pytest.mark.parametrize(
++    "mask, totalbits, maskbits",
++    (
++        (24, None, 0xFFFFFF00),
++        (31, None, 0xFFFFFFFE),
++        (0, None, 0x0),
++        (4, 4, 0xF),
++        (24, 128, 0xFFFFFF00000000000000000000000000),
++    ),
++)
++def test__get_mask_bits(mask, totalbits, maskbits):
++    args = {"mask": mask}
++    if totalbits:
++        args["totalbits"] = totalbits
++    assert _get_mask_bits(**args) == maskbits
++
++
++@pytest.mark.parametrize(
++    "a, b, expected",
++    (
++        ("1.2.3.4", "1.2.3.4", True),
++        ("1.2.3.4", "2.2.3.4", False),
++        ("1::4", "1.2.3.4", False),
++        ("1::4", "1::4", True),
++        ("1::4", "1:0:0:0:0:0:0:4", True),
++        ("1::4", "1:0:0:0:0:0::4", True),
++        ("1::4", "1:0:0:0:0:0:1:4", False),
++    ),
++)
++def test_compare_ips(a, b, expected):
++    assert compare_ips(a, b) == expected
+-- 
+2.45.1
+

system-certs.patch

@@ -0,0 +1,59 @@
+From bb733473e91e71b812ada46bc110f607630f9327 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hrn=C4=8Diar?= <thrnciar@redhat.com>
+Date: Thu, 30 May 2024 11:10:29 +0200
+Subject: [PATCH 1/2] system certs
+
+Co-authored-by: Lumir Balhar <lbalhar@redhat.com>
+---
+ setup.cfg             | 1 -
+ setup.py              | 1 -
+ src/requests/certs.py | 8 +++++++-
+ 3 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/setup.cfg b/setup.cfg
+index 8d44e0e..fa10a53 100644
+--- a/setup.cfg
++++ b/setup.cfg
+@@ -4,7 +4,6 @@ provides-extra =
+     socks
+     use_chardet_on_py3
+ requires-dist =
+-    certifi>=2017.4.17
+     charset_normalizer>=2,<4
+     idna>=2.5,<4
+     urllib3>=1.21.1,<3
+diff --git a/setup.py b/setup.py
+index 1b0eb37..03d19b0 100755
+--- a/setup.py
++++ b/setup.py
+@@ -62,7 +62,6 @@ requires = [
+     "charset_normalizer>=2,<4",
+     "idna>=2.5,<4",
+     "urllib3>=1.21.1,<3",
+-    "certifi>=2017.4.17",
+ ]
+ test_requirements = [
+     "pytest-httpbin==2.0.0",
+diff --git a/src/requests/certs.py b/src/requests/certs.py
+index be422c3..9aee713 100644
+--- a/src/requests/certs.py
++++ b/src/requests/certs.py
+@@ -10,8 +10,14 @@ only one — the one from the certifi package.
+ If you are packaging Requests, e.g., for a Linux distribution or a managed
+ environment, you can change the definition of where() to return a separately
+ packaged CA bundle.
++
++This Fedora-patched package returns "/etc/pki/tls/certs/ca-bundle.crt" provided
++by the ca-certificates RPM package.
+ """
+-from certifi import where
++
++def where():
++    """Return the absolute path to the system CA bundle."""
++    return '/etc/pki/tls/certs/ca-bundle.crt'
+ 
+ if __name__ == "__main__":
+     print(where())
+-- 
+2.45.1
+