import UBI python-urllib3-1.26.5-5.el9_4.1
This commit is contained in:
parent
695dc8a6f0
commit
1b43723584
38
SOURCES/Add-server_hostname-to-SSL_KEYWORDS.patch
Normal file
38
SOURCES/Add-server_hostname-to-SSL_KEYWORDS.patch
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
From f1d40fd07f7b5d9cf846a18fb5a920b4be07dfc5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Hasan Ramezani <hasan.r67@gmail.com>
|
||||||
|
Date: Thu, 20 Jan 2022 15:56:02 +0100
|
||||||
|
Subject: [PATCH] [1.26] Add server_hostname to SSL_KEYWORDS
|
||||||
|
|
||||||
|
---
|
||||||
|
src/urllib3/poolmanager.py | 1 +
|
||||||
|
test/with_dummyserver/test_poolmanager.py | 5 +++++
|
||||||
|
2 files changed, 6 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/urllib3/poolmanager.py b/src/urllib3/poolmanager.py
|
||||||
|
index 3a31a285bf..ca4ec34118 100644
|
||||||
|
--- a/src/urllib3/poolmanager.py
|
||||||
|
+++ b/src/urllib3/poolmanager.py
|
||||||
|
@@ -34,6 +34,7 @@
|
||||||
|
"ca_cert_dir",
|
||||||
|
"ssl_context",
|
||||||
|
"key_password",
|
||||||
|
+ "server_hostname",
|
||||||
|
)
|
||||||
|
|
||||||
|
# All known keyword arguments that could be provided to the pool manager, its
|
||||||
|
diff --git a/test/with_dummyserver/test_poolmanager.py b/test/with_dummyserver/test_poolmanager.py
|
||||||
|
index d877cc99ac..fa07a372a9 100644
|
||||||
|
--- a/test/with_dummyserver/test_poolmanager.py
|
||||||
|
+++ b/test/with_dummyserver/test_poolmanager.py
|
||||||
|
@@ -346,6 +346,11 @@ def test_http_with_ssl_keywords(self):
|
||||||
|
r = http.request("GET", "http://%s:%s/" % (self.host, self.port))
|
||||||
|
assert r.status == 200
|
||||||
|
|
||||||
|
+ def test_http_with_server_hostname(self):
|
||||||
|
+ with PoolManager(server_hostname="example.com") as http:
|
||||||
|
+ r = http.request("GET", "http://%s:%s/" % (self.host, self.port))
|
||||||
|
+ assert r.status == 200
|
||||||
|
+
|
||||||
|
def test_http_with_ca_cert_dir(self):
|
||||||
|
with PoolManager(ca_certs="REQUIRED", ca_cert_dir="/nosuchdir") as http:
|
||||||
|
r = http.request("GET", "http://%s:%s/" % (self.host, self.port))
|
66
SOURCES/CVE-2024-37891.patch
Normal file
66
SOURCES/CVE-2024-37891.patch
Normal file
@ -0,0 +1,66 @@
|
|||||||
|
From 3606f6166c000213f1e1e9bace3c12f924dd0132 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Quentin Pradet <quentin.pradet@gmail.com>
|
||||||
|
Date: Wed, 26 Jun 2024 15:56:34 +0200
|
||||||
|
Subject: [PATCH] Merge pull request from GHSA-34jh-p97f-mpxf
|
||||||
|
|
||||||
|
* [1.26] Strip Proxy-Authorization header on redirects
|
||||||
|
|
||||||
|
* Set release date
|
||||||
|
---
|
||||||
|
src/urllib3/util/retry.py | 4 +++-
|
||||||
|
test/test_retry.py | 6 +++++-
|
||||||
|
test/test_retry_deprecated.py | 6 +++++-
|
||||||
|
3 files changed, 13 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/urllib3/util/retry.py b/src/urllib3/util/retry.py
|
||||||
|
index 63c02ee..42fa619 100644
|
||||||
|
--- a/src/urllib3/util/retry.py
|
||||||
|
+++ b/src/urllib3/util/retry.py
|
||||||
|
@@ -217,7 +217,9 @@ class Retry(object):
|
||||||
|
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
|
||||||
|
|
||||||
|
#: Default headers to be used for ``remove_headers_on_redirect``
|
||||||
|
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
|
||||||
|
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(
|
||||||
|
+ ["Cookie", "Authorization", "Proxy-Authorization"]
|
||||||
|
+ )
|
||||||
|
|
||||||
|
#: Maximum backoff time.
|
||||||
|
BACKOFF_MAX = 120
|
||||||
|
diff --git a/test/test_retry.py b/test/test_retry.py
|
||||||
|
index e9270bb..cf60bf1 100644
|
||||||
|
--- a/test/test_retry.py
|
||||||
|
+++ b/test/test_retry.py
|
||||||
|
@@ -293,7 +293,11 @@ class TestRetry(object):
|
||||||
|
def test_retry_default_remove_headers_on_redirect(self):
|
||||||
|
retry = Retry()
|
||||||
|
|
||||||
|
- assert retry.remove_headers_on_redirect == {"authorization", "cookie"}
|
||||||
|
+ assert retry.remove_headers_on_redirect == {
|
||||||
|
+ "authorization",
|
||||||
|
+ "proxy-authorization",
|
||||||
|
+ "cookie",
|
||||||
|
+ }
|
||||||
|
|
||||||
|
def test_retry_set_remove_headers_on_redirect(self):
|
||||||
|
retry = Retry(remove_headers_on_redirect=["X-API-Secret"])
|
||||||
|
diff --git a/test/test_retry_deprecated.py b/test/test_retry_deprecated.py
|
||||||
|
index d18f94c..a107f7b 100644
|
||||||
|
--- a/test/test_retry_deprecated.py
|
||||||
|
+++ b/test/test_retry_deprecated.py
|
||||||
|
@@ -295,7 +295,11 @@ class TestRetry(object):
|
||||||
|
def test_retry_default_remove_headers_on_redirect(self):
|
||||||
|
retry = Retry()
|
||||||
|
|
||||||
|
- assert retry.remove_headers_on_redirect == {"authorization", "cookie"}
|
||||||
|
+ assert retry.remove_headers_on_redirect == {
|
||||||
|
+ "authorization",
|
||||||
|
+ "proxy-authorization",
|
||||||
|
+ "cookie",
|
||||||
|
+ }
|
||||||
|
|
||||||
|
def test_retry_set_remove_headers_on_redirect(self):
|
||||||
|
retry = Retry(remove_headers_on_redirect=["X-API-Secret"])
|
||||||
|
--
|
||||||
|
2.44.0
|
||||||
|
|
@ -6,7 +6,7 @@
|
|||||||
|
|
||||||
Name: python-%{srcname}
|
Name: python-%{srcname}
|
||||||
Version: 1.26.5
|
Version: 1.26.5
|
||||||
Release: 5%{?dist}
|
Release: 5%{?dist}.1
|
||||||
Summary: Python HTTP library with thread-safe connection pooling and file post
|
Summary: Python HTTP library with thread-safe connection pooling and file post
|
||||||
|
|
||||||
License: MIT
|
License: MIT
|
||||||
@ -32,6 +32,17 @@ Patch1: CVE-2023-43804.patch
|
|||||||
# Upstream fix: https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9
|
# Upstream fix: https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9
|
||||||
Patch2: CVE-2023-45803.patch
|
Patch2: CVE-2023-45803.patch
|
||||||
|
|
||||||
|
# PoolManager.urlopen fails with TypeError for http connection if the PoolManager is instantiated with server_hostname
|
||||||
|
# Tracking bug: https://issues.redhat.com/browse/RHEL-39285
|
||||||
|
# Upstream fix: https://github.com/urllib3/urllib3/commit/f1d40fd07f7b5d9cf846a18fb5a920b4be07dfc5
|
||||||
|
Patch3: Add-server_hostname-to-SSL_KEYWORDS.patch
|
||||||
|
|
||||||
|
# CVE-2024-37891
|
||||||
|
# Proxy-authorization request header is not stripped during cross-origin redirects.
|
||||||
|
# Tracking bug: https://issues.redhat.com/browse/RHEL-43172
|
||||||
|
# Upstream fix: https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468
|
||||||
|
Patch4: CVE-2024-37891.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Python HTTP module with connection pooling and file POST abilities.
|
Python HTTP module with connection pooling and file POST abilities.
|
||||||
|
|
||||||
@ -134,6 +145,12 @@ ln -s %{python3_sitelib}/__pycache__/six.cpython-%{python3_version_nodots}.pyc \
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jun 18 2024 Tomáš Hrnčiar <thrnciar@redhat.com> - 1.26.5-5.1
|
||||||
|
- Security fix for CVE-2024-37891
|
||||||
|
- Backport upstream patch to fix TypeError for http connection if the PoolManager
|
||||||
|
- is instantiated with server_hostname
|
||||||
|
Resolves: RHEL-49853
|
||||||
|
|
||||||
* Tue Dec 12 2023 Lumír Balhar <lbalhar@redhat.com> - 1.26.5-5
|
* Tue Dec 12 2023 Lumír Balhar <lbalhar@redhat.com> - 1.26.5-5
|
||||||
- Security fix for CVE-2023-45803
|
- Security fix for CVE-2023-45803
|
||||||
Resolves: RHEL-16874
|
Resolves: RHEL-16874
|
||||||
|
Loading…
Reference in New Issue
Block a user