SOURCES/properly-handle-default-ports-in-auth-stripping.patch

@@ -1,67 +0,0 @@
-diff --git a/requests/sessions.py b/requests/sessions.py
-index a448bd8..d73d700 100644
---- a/requests/sessions.py
-+++ b/requests/sessions.py
-@@ -19,7 +19,7 @@ from .cookies import (
- from .models import Request, PreparedRequest, DEFAULT_REDIRECT_LIMIT
- from .hooks import default_hooks, dispatch_hook
- from ._internal_utils import to_native_string
--from .utils import to_key_val_list, default_headers
-+from .utils import to_key_val_list, default_headers, DEFAULT_PORTS
- from .exceptions import (
-     TooManyRedirects, InvalidSchema, ChunkedEncodingError, ContentDecodingError)
- 
-@@ -128,8 +128,17 @@ class SessionRedirectMixin(object):
-         if (old_parsed.scheme == 'http' and old_parsed.port in (80, None)
-                 and new_parsed.scheme == 'https' and new_parsed.port in (443, None)):
-             return False
-+
-+        # Handle default port usage corresponding to scheme.
-+        changed_port = old_parsed.port != new_parsed.port
-+        changed_scheme = old_parsed.scheme != new_parsed.scheme
-+        default_port = (DEFAULT_PORTS.get(old_parsed.scheme, None), None)
-+        if (not changed_scheme and old_parsed.port in default_port
-+                and new_parsed.port in default_port):
-+            return False
-+
-         # Standard case: root URI must match
--        return old_parsed.port != new_parsed.port or old_parsed.scheme != new_parsed.scheme
-+        return changed_port or changed_scheme
- 
-     def resolve_redirects(self, resp, req, stream=False, timeout=None,
-                           verify=True, cert=None, proxies=None, yield_requests=False, **adapter_kwargs):
-diff --git a/requests/utils.py b/requests/utils.py
-index 0ce7fe1..04145c8 100644
---- a/requests/utils.py
-+++ b/requests/utils.py
-@@ -38,6 +38,8 @@ NETRC_FILES = ('.netrc', '_netrc')
- 
- DEFAULT_CA_BUNDLE_PATH = certs.where()
- 
-+DEFAULT_PORTS = {'http': 80, 'https': 443}
-+
- 
- if sys.platform == 'win32':
-     # provide a proxy_bypass version on Windows without DNS lookups
-diff --git a/tests/test_requests.py b/tests/test_requests.py
-index f46561e..f99fdaf 100644
---- a/tests/test_requests.py
-+++ b/tests/test_requests.py
-@@ -1611,6 +1611,17 @@ class TestRequests:
-         s = requests.Session()
-         assert s.should_strip_auth('http://example.com:1234/foo', 'https://example.com:4321/bar')
- 
-+    @pytest.mark.parametrize(
-+        'old_uri, new_uri', (
-+            ('https://example.com:443/foo', 'https://example.com/bar'),
-+            ('http://example.com:80/foo', 'http://example.com/bar'),
-+            ('https://example.com/foo', 'https://example.com:443/bar'),
-+            ('http://example.com/foo', 'http://example.com:80/bar')
-+        ))
-+    def test_should_strip_auth_default_port(self, old_uri, new_uri):
-+        s = requests.Session()
-+        assert not s.should_strip_auth(old_uri, new_uri)
-+
-     def test_manual_redirect_with_partial_body_read(self, httpbin):
-         s = requests.Session()
-         r1 = s.get(httpbin('redirect/2'), allow_redirects=False, stream=True)

SPECS/python-requests.spec

@@ -1,9 +1,16 @@
+%if 0%{?_module_build}
+# Don't run tests on module-build for now
+# See: https://bugzilla.redhat.com/show_bug.cgi?id=1450608
+%bcond_with tests
+%else
+# When bootstrapping Python, we cannot test this yet
 %bcond_without tests
-%bcond_without python3
+%endif
+
 
 Name:           python-requests
 Version:        2.20.0
-Release:        3%{?dist}
+Release:        1%{?dist}
 Summary:        HTTP library, written in Python, for human beings
 
 License:        ASL 2.0
@@ -31,12 +38,6 @@ Patch4:         Don-t-inject-pyopenssl-into-urllib3.patch
 #   build-time package tests
 Patch5:         Skip-all-tests-needing-httpbin.patch
 
-# Properly handle default ports when stripping the authorization header.
-# This fixes a regression introduced with fixing CVE-2018-18074.
-# Fixed upstream: https://github.com/psf/requests/pull/4851
-# Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1762422
-Patch6:         properly-handle-default-ports-in-auth-stripping.patch
-
 BuildArch:      noarch
 
 %description
@@ -45,37 +46,6 @@ cumbersome. Python’s built-in urllib2 module provides most of the HTTP
 capabilities you should need, but the API is thoroughly broken. This library is
 designed to make HTTP requests easy for developers.
 
-%package -n python2-requests
-Summary: HTTP library, written in Python, for human beings
-%{?python_provide:%python_provide python2-requests}
-
-BuildRequires:  python2-devel
-BuildRequires:  python2-chardet
-BuildRequires:  python2-urllib3
-BuildRequires:  python2-idna
-%if %{with tests}
-BuildRequires:  python2-pytest
-BuildRequires:  python2-pytest-mock
-%endif
-
-
-Requires:       ca-certificates
-Requires:       python2-chardet
-Requires:       python2-urllib3
-Requires:       python2-idna
-
-%if 0%{?rhel} && 0%{?rhel} <= 6
-BuildRequires:  python-ordereddict
-Requires:       python-ordereddict
-%endif
-
-%description -n python2-requests
-Most existing Python modules for sending HTTP requests are extremely verbose and
-cumbersome. Python’s built-in urllib2 module provides most of the HTTP
-capabilities you should need, but the API is thoroughly broken. This library is
-designed to make HTTP requests easy for developers.
-
-%if %{with python3}
 %package -n python%{python3_pkgversion}-requests
 Summary: HTTP library, written in Python, for human beings
 
@@ -100,8 +70,6 @@ cumbersome. Python’s built-in urllib2 module provides most of the HTTP
 capabilities you should need, but the API is thoroughly broken. This library is
 designed to make HTTP requests easy for developers.
 
-%endif
-
 %prep
 %autosetup -p1 -n requests-%{version}
 
@@ -112,58 +80,32 @@ rm -rf requests/cacert.pem
 sed -i '/#!\/usr\/.*python/d' requests/certs.py
 
 %build
-%py2_build
-%if %{with python3}
 %py3_build
-%endif
+
 
 %install
-%py2_install
-%if %{with python3}
 %py3_install
-%endif
+
 
 %if %{with tests}
 %check
-PYTHONPATH=%{buildroot}%{python2_sitelib} %{__python2} -m pytest -v
-%if %{with python3}
 PYTHONPATH=%{buildroot}%{python3_sitelib} %{__python3} -m pytest -v
-%endif
 %endif # tests
 
-
-%files -n python2-requests
-%license LICENSE
-%doc README.md HISTORY.md
-%{python2_sitelib}/*.egg-info
-%{python2_sitelib}/requests/
-
-%if %{with python3}
 %files -n python%{python3_pkgversion}-requests
 %license LICENSE
 %doc README.md HISTORY.md
 %{python3_sitelib}/*.egg-info
 %{python3_sitelib}/requests/
-%endif
 
 
 %changelog
-* Fri Nov 1 2019 Charalampos Stratakis <cstratak@redhat.com> - 2.20.0-3
-- Properly handle default ports when stripping the authorization header
-Resolves: rhbz#1762422
-
-* Thu Apr 25 2019 Tomas Orsava <torsava@redhat.com> - 2.20.0-2
-- Bumping due to problems with modular RPM upgrade path
-- Resolves: rhbz#1695587
-
 * Mon Oct 29 2018 Jeremy Cline <jeremy@jcline.org> - 2.20.0-1
 - Update to v2.20.0 for CVE-2018-18074.
 
-* Tue Jul 31 2018 Lumír Balhar <lbalhar@redhat.com> - 2.19.1-5
+* Wed Jul 11 2018 Petr Viktorin <pviktori@redhat.com> - 2.19.1-4
-- Make possible to disable python3 subpackage
+- Remove the Python 2 subpackage
-
+  https://bugzilla.redhat.com/show_bug.cgi?id=1590396
-* Mon Jul 16 2018 Lumír Balhar <lbalhar@redhat.com> - 2.19.1-4
-- First version for python27 module
 
 * Thu Jun 21 2018 Lumír Balhar <lbalhar@redhat.com> - 2.19.1-3
 - Allow build with Python 2