Update to 1.26.5

2021-06-16 10:11:46 +02:00 · 2021-06-16 10:11:46 +02:00 · 10fdc786b1
commit 10fdc786b1
parent c423116066
4 changed files with 13 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -30,3 +30,4 @@
 /urllib3-1.25.8.tar.gz
 /urllib3-1.25.10.tar.gz
 /urllib3-1.26.4.tar.gz
+/urllib3-1.26.5.tar.gz
--- a/python-urllib3.spec
+++ b/python-urllib3.spec
@ -5,13 +5,15 @@
 %bcond_with tests

 Name:           python-%{srcname}
-Version:        1.26.4
+Version:        1.26.5
 Release:        1%{?dist}
 Summary:        Python HTTP library with thread-safe connection pooling and file post

 License:        MIT
 URL:            https://github.com/urllib3/urllib3
 Source0:        %{url}/archive/%{version}/%{srcname}-%{version}.tar.gz
+# Unbundle ssl_match_hostname since we depend on it
+Source1:        ssl_match_hostname_py3.py
 BuildArch:      noarch

 %description
@ -91,10 +93,10 @@ sed -i -e 's/^import mock/from unittest import mock/' \
 # Unbundle the Python 3 build
 rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/six.py
 rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/six.*
-rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/ssl_match_hostname/_implementation.py
-rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/ssl_match_hostname/__pycache__/_implementation.*
+rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/ssl_match_hostname/

 mkdir -p %{buildroot}/%{python3_sitelib}/urllib3/packages/
+cp -a %{SOURCE1} %{buildroot}/%{python3_sitelib}/urllib3/packages/ssl_match_hostname.py
 ln -s %{python3_sitelib}/six.py %{buildroot}/%{python3_sitelib}/urllib3/packages/six.py
 ln -s %{python3_sitelib}/__pycache__/six.cpython-%{python3_version_nodots}.opt-1.pyc \
      %{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/
@ -116,6 +118,11 @@ ln -s %{python3_sitelib}/__pycache__/six.cpython-%{python3_version_nodots}.pyc \


 %changelog
+* Wed Jun 16 2021 Karolina Surma <ksurma@redhat.com> - 1.26.5-1
+- Update to 1.26.5
+- Fix for CVE-2021-33503 Catastrophic backtracking in URL authority parser
+Resolves: rhbz#1972639
+
 * Tue May 18 2021 Miro Hrončok <mhroncok@redhat.com> - 1.26.4-1
 - Update to 1.26.4
 Resolves: rhbz#1935737
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (urllib3-1.26.4.tar.gz) = c770ae93e024af2bd79145d90426ad56f89184a4a02a55551bf54680a1ba369e683080e1899f00d57efcb085145e29a189f502ae6b41e572de111909297fb4e6
+SHA512 (urllib3-1.26.5.tar.gz) = d4a97aa05f9138cbd2fceadd6268f55f1389a57abccc44f6dfd7755778d417a6648f081ceefd376b27c17e384ccc81caf49f0ea23b4d9ac8e347a06d85cb4639
--- a/ssl_match_hostname_py3.py
+++ b/ssl_match_hostname_py3.py
@ -0,0 +1 @@
+from ssl import match_hostname, CertificateError
				`@ -0,0 +1 @@`
				`from ssl import match_hostname, CertificateError`