From 780e4f65e849024081a0078519f98fb92b1af6c3 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Wed, 14 May 2025 19:25:45 +0000 Subject: [PATCH] import UBI python-urllib3-1.26.19-2.el10 --- .gitignore | 2 +- .python-urllib3.metadata | 1 - SOURCES/CVE-2019-11236.patch | 162 ------ SOURCES/CVE-2020-26137.patch | 37 -- SOURCES/CVE-2023-43804.patch | 39 -- SOURCES/CVE-2023-45803.patch | 94 --- SOURCES/CVE-2024-37891.patch | 39 -- ...LS_1.3_post-handshake_authentication.patch | 56 -- SOURCES/ssl_match_hostname_py3.py | 1 - SPECS/python-urllib3.spec | 398 ------------- python-urllib3.spec | 543 ++++++++++++++++++ sources | 1 + 12 files changed, 545 insertions(+), 828 deletions(-) delete mode 100644 .python-urllib3.metadata delete mode 100644 SOURCES/CVE-2019-11236.patch delete mode 100644 SOURCES/CVE-2020-26137.patch delete mode 100644 SOURCES/CVE-2023-43804.patch delete mode 100644 SOURCES/CVE-2023-45803.patch delete mode 100644 SOURCES/CVE-2024-37891.patch delete mode 100644 SOURCES/Enable_TLS_1.3_post-handshake_authentication.patch delete mode 100644 SOURCES/ssl_match_hostname_py3.py delete mode 100644 SPECS/python-urllib3.spec create mode 100644 python-urllib3.spec create mode 100644 sources diff --git a/.gitignore b/.gitignore index d909b36..cc334aa 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/urllib3-1.24.2.tar.gz +urllib3-1.26.19.tar.gz diff --git a/.python-urllib3.metadata b/.python-urllib3.metadata deleted file mode 100644 index 27d256d..0000000 --- a/.python-urllib3.metadata +++ /dev/null @@ -1 +0,0 @@ -02f5f10287e42a0e9d8666bbec9c51c4aec5bfc7 SOURCES/urllib3-1.24.2.tar.gz diff --git a/SOURCES/CVE-2019-11236.patch b/SOURCES/CVE-2019-11236.patch deleted file mode 100644 index ccd8e85..0000000 --- a/SOURCES/CVE-2019-11236.patch +++ /dev/null @@ -1,162 +0,0 @@ -From 9f6aa6b5f06ecfcfea2084d88f377c6e9dba5ce2 Mon Sep 17 00:00:00 2001 -From: Ryan Petrello -Date: Tue, 30 Apr 2019 12:36:48 -0400 -Subject: [PATCH 1/3] prevent CVE-2019-9740 in 1.24.x - -adapted from https://github.com/python/cpython/pull/12755 ---- - test/test_util.py | 5 +++++ - src/urllib3/util/url.py | 8 ++++++++ - 2 files changed, 13 insertions(+) - -diff --git a/test/test_util.py b/test/test_util.py -index 73d9452..dc6ffd0 100644 ---- a/test/test_util.py -+++ b/test/test_util.py -@@ -200,6 +200,11 @@ class TestUtil(object): - with pytest.raises(ValueError): - parse_url('[::1') - -+ def test_parse_url_contains_control_characters(self): -+ # see CVE-2019-9740 -+ with pytest.raises(LocationParseError): -+ parse_url('http://localhost:8000/ HTTP/1.1\r\nHEADER: INJECTED\r\nIgnore:') -+ - def test_Url_str(self): - U = Url('http', host='google.com') - assert str(U) == U.url -diff --git a/src/urllib3/util/url.py b/src/urllib3/util/url.py -index 6b6f996..e8e1bd7 100644 ---- a/src/urllib3/util/url.py -+++ b/src/urllib3/util/url.py -@@ -1,5 +1,6 @@ - from __future__ import absolute_import - from collections import namedtuple -+import re - - from ..exceptions import LocationParseError - -@@ -10,6 +11,8 @@ url_attrs = ['scheme', 'auth', 'host', 'port', 'path', 'query', 'fragment'] - # urllib3 infers URLs without a scheme (None) to be http. - NORMALIZABLE_SCHEMES = ('http', 'https', None) - -+_contains_disallowed_url_pchar_re = re.compile('[\x00-\x20\x7f]') -+ - - class Url(namedtuple('Url', url_attrs)): - """ -@@ -155,6 +158,11 @@ def parse_url(url): - # Empty - return Url() - -+ # Prevent CVE-2019-9740. -+ # adapted from https://github.com/python/cpython/pull/12755 -+ if _contains_disallowed_url_pchar_re.search(url): -+ raise LocationParseError("URL can't contain control characters. {!r}".format(url)) -+ - scheme = None - auth = None - host = None --- -2.20.1 - - -From ecc15bd412354ad916712113b0e426f8bc6cf52d Mon Sep 17 00:00:00 2001 -From: Ryan Petrello -Date: Wed, 1 May 2019 16:46:44 -0400 -Subject: [PATCH 2/3] avoid CVE-2019-9740 by percent-encoding invalid path - characters - -this is to avoid breaking changes in downstream libraries like requests ---- - test/test_util.py | 4 ++-- - src/urllib3/util/url.py | 4 ++-- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/test/test_util.py b/test/test_util.py -index dc6ffd0..d139329 100644 ---- a/test/test_util.py -+++ b/test/test_util.py -@@ -202,8 +202,8 @@ class TestUtil(object): - - def test_parse_url_contains_control_characters(self): - # see CVE-2019-9740 -- with pytest.raises(LocationParseError): -- parse_url('http://localhost:8000/ HTTP/1.1\r\nHEADER: INJECTED\r\nIgnore:') -+ url = parse_url('http://localhost:8000/ HTTP/1.1\r\nHEADER: INJECTED\r\nIgnore:') -+ assert url.path == '/%20HTTP/1.1%0D%0AHEADER:%20INJECTED%0D%0AIgnore:' - - def test_Url_str(self): - U = Url('http', host='google.com') -diff --git a/src/urllib3/util/url.py b/src/urllib3/util/url.py -index e8e1bd7..12b8d55 100644 ---- a/src/urllib3/util/url.py -+++ b/src/urllib3/util/url.py -@@ -3,6 +3,7 @@ from collections import namedtuple - import re - - from ..exceptions import LocationParseError -+from ..packages.six.moves.urllib.parse import quote - - - url_attrs = ['scheme', 'auth', 'host', 'port', 'path', 'query', 'fragment'] -@@ -160,8 +161,7 @@ def parse_url(url): - - # Prevent CVE-2019-9740. - # adapted from https://github.com/python/cpython/pull/12755 -- if _contains_disallowed_url_pchar_re.search(url): -- raise LocationParseError("URL can't contain control characters. {!r}".format(url)) -+ url = _contains_disallowed_url_pchar_re.sub(lambda match: quote(match.group()), url) - - scheme = None - auth = None --- -2.20.1 - - -From 6cda449df587fd37135ee76a9253dc8e12e53c05 Mon Sep 17 00:00:00 2001 -From: Seth Michael Larson -Date: Thu, 2 May 2019 09:02:24 -0500 -Subject: [PATCH 3/3] Also test unicode and query - ---- - test/test_util.py | 22 +++++++++++++++++++--- - 1 file changed, 19 insertions(+), 3 deletions(-) - -diff --git a/test/test_util.py b/test/test_util.py -index d139329..fa53aaf 100644 ---- a/test/test_util.py -+++ b/test/test_util.py -@@ -200,10 +200,26 @@ class TestUtil(object): - with pytest.raises(ValueError): - parse_url('[::1') - -- def test_parse_url_contains_control_characters(self): -+ @pytest.mark.parametrize('url, expected_url', [ -+ ( -+ 'http://localhost/ HTTP/1.1\r\nHEADER: INJECTED\r\nIgnore:', -+ Url('http', host='localhost', port=None, -+ path='/%20HTTP/1.1%0D%0AHEADER:%20INJECTED%0D%0AIgnore:') -+ ), -+ ( -+ u'http://localhost/ HTTP/1.1\r\nHEADER: INJECTED\r\nIgnore:', -+ Url('http', host='localhost', port=None, -+ path='/%20HTTP/1.1%0D%0AHEADER:%20INJECTED%0D%0AIgnore:') -+ ), -+ ( -+ 'http://localhost/ ?q=\r\n', -+ Url('http', host='localhost', path='/%20', query='q=%0D%0A') -+ ), -+ ]) -+ def test_parse_url_contains_control_characters(self, url, expected_url): - # see CVE-2019-9740 -- url = parse_url('http://localhost:8000/ HTTP/1.1\r\nHEADER: INJECTED\r\nIgnore:') -- assert url.path == '/%20HTTP/1.1%0D%0AHEADER:%20INJECTED%0D%0AIgnore:' -+ url = parse_url(url) -+ assert url == expected_url - - def test_Url_str(self): - U = Url('http', host='google.com') --- -2.20.1 - diff --git a/SOURCES/CVE-2020-26137.patch b/SOURCES/CVE-2020-26137.patch deleted file mode 100644 index 1ca32a8..0000000 --- a/SOURCES/CVE-2020-26137.patch +++ /dev/null @@ -1,37 +0,0 @@ -diff --git a/src/urllib3/connection.py b/src/urllib3/connection.py -index 02b3665..1ab1890 100644 ---- a/src/urllib3/connection.py -+++ b/src/urllib3/connection.py -@@ -1,4 +1,5 @@ - from __future__ import absolute_import -+import re - import datetime - import logging - import os -@@ -61,6 +62,8 @@ port_by_scheme = { - # after 2016-01-01 (today - 2 years) AND before 2017-07-01 (today - 6 months) - RECENT_DATE = datetime.date(2017, 6, 30) - -+_CONTAINS_CONTROL_CHAR_RE = re.compile(r"[^-!#$%&'*+.^_`|~0-9a-zA-Z]") -+ - - class DummyConnection(object): - """Used to detect a failed ConnectionCls import.""" -@@ -181,6 +184,17 @@ class HTTPConnection(_HTTPConnection, object): - conn = self._new_conn() - self._prepare_conn(conn) - -+ def putrequest(self, method, url, *args, **kwargs): -+ """Send a request to the server""" -+ match = _CONTAINS_CONTROL_CHAR_RE.search(method) -+ if match: -+ raise ValueError( -+ "Method cannot contain non-token characters %r (found at least %r)" -+ % (method, match.group()) -+ ) -+ -+ return _HTTPConnection.putrequest(self, method, url, *args, **kwargs) -+ - def request_chunked(self, method, url, body=None, headers=None): - """ - Alternative to the common request method, which sends the diff --git a/SOURCES/CVE-2023-43804.patch b/SOURCES/CVE-2023-43804.patch deleted file mode 100644 index c553ab6..0000000 --- a/SOURCES/CVE-2023-43804.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 24603488c43a7cbaffcff7e69a72ad9bb4604acf Mon Sep 17 00:00:00 2001 -From: Lumir Balhar -Date: Thu, 12 Oct 2023 14:08:31 +0200 -Subject: [PATCH] CVE-2023-43804 - ---- - src/urllib3/util/retry.py | 2 +- - test/test_retry.py | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/urllib3/util/retry.py b/src/urllib3/util/retry.py -index 02429ee..c4a687c 100644 ---- a/src/urllib3/util/retry.py -+++ b/src/urllib3/util/retry.py -@@ -151,7 +151,7 @@ class Retry(object): - - RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503]) - -- DEFAULT_REDIRECT_HEADERS_BLACKLIST = frozenset(['Authorization']) -+ DEFAULT_REDIRECT_HEADERS_BLACKLIST = frozenset(['Cookie', 'Authorization']) - - #: Maximum backoff time. - BACKOFF_MAX = 120 -diff --git a/test/test_retry.py b/test/test_retry.py -index 7546c43..b6d52bf 100644 ---- a/test/test_retry.py -+++ b/test/test_retry.py -@@ -253,7 +253,7 @@ class TestRetry(object): - def test_retry_default_remove_headers_on_redirect(self): - retry = Retry() - -- assert list(retry.remove_headers_on_redirect) == ['authorization'] -+ assert retry.remove_headers_on_redirect == {'authorization', 'cookie'} - - def test_retry_set_remove_headers_on_redirect(self): - retry = Retry(remove_headers_on_redirect=['x-api-secret']) --- -2.41.0 - diff --git a/SOURCES/CVE-2023-45803.patch b/SOURCES/CVE-2023-45803.patch deleted file mode 100644 index d17514b..0000000 --- a/SOURCES/CVE-2023-45803.patch +++ /dev/null @@ -1,94 +0,0 @@ -From 6f6011442b255b6c135c294500cf4d404f594d8a Mon Sep 17 00:00:00 2001 -From: Lumir Balhar -Date: Tue, 12 Dec 2023 10:21:34 +0100 -Subject: [PATCH] Security fix for CVE-2023-45803 - ---- - src/urllib3/_collections.py | 18 ++++++++++++++++++ - src/urllib3/connectionpool.py | 5 +++++ - src/urllib3/poolmanager.py | 7 +++++-- - 3 files changed, 28 insertions(+), 2 deletions(-) - -diff --git a/src/urllib3/_collections.py b/src/urllib3/_collections.py -index 34f2381..86fc900 100644 ---- a/src/urllib3/_collections.py -+++ b/src/urllib3/_collections.py -@@ -260,6 +260,24 @@ class HTTPHeaderDict(MutableMapping): - else: - return vals[1:] - -+ def _prepare_for_method_change(self): -+ """ -+ Remove content-specific header fields before changing the request -+ method to GET or HEAD according to RFC 9110, Section 15.4. -+ """ -+ content_specific_headers = [ -+ "Content-Encoding", -+ "Content-Language", -+ "Content-Location", -+ "Content-Type", -+ "Content-Length", -+ "Digest", -+ "Last-Modified", -+ ] -+ for header in content_specific_headers: -+ self.discard(header) -+ return self -+ - # Backwards compatibility for httplib - getheaders = getlist - getallmatchingheaders = getlist -diff --git a/src/urllib3/connectionpool.py b/src/urllib3/connectionpool.py -index f7a8f19..ad6303c 100644 ---- a/src/urllib3/connectionpool.py -+++ b/src/urllib3/connectionpool.py -@@ -32,6 +32,7 @@ from .connection import ( - HTTPConnection, HTTPSConnection, VerifiedHTTPSConnection, - HTTPException, BaseSSLError, - ) -+from ._collections import HTTPHeaderDict - from .request import RequestMethods - from .response import HTTPResponse - -@@ -679,7 +680,11 @@ class HTTPConnectionPool(ConnectionPool, RequestMethods): - redirect_location = redirect and response.get_redirect_location() - if redirect_location: - if response.status == 303: -+ # Change the method according to RFC 9110, Section 15.4.4. - method = 'GET' -+ # And lose the body not to transfer anything sensitive. -+ body = None -+ headers = HTTPHeaderDict(headers)._prepare_for_method_change() - - try: - retries = retries.increment(method, url, response=response, _pool=self) -diff --git a/src/urllib3/poolmanager.py b/src/urllib3/poolmanager.py -index 32bd973..37557f9 100644 ---- a/src/urllib3/poolmanager.py -+++ b/src/urllib3/poolmanager.py -@@ -3,7 +3,7 @@ import collections - import functools - import logging - --from ._collections import RecentlyUsedContainer -+from ._collections import HTTPHeaderDict, RecentlyUsedContainer - from .connectionpool import HTTPConnectionPool, HTTPSConnectionPool - from .connectionpool import port_by_scheme - from .exceptions import LocationValueError, MaxRetryError, ProxySchemeUnknown -@@ -330,9 +330,12 @@ class PoolManager(RequestMethods): - # Support relative URLs for redirecting. - redirect_location = urljoin(url, redirect_location) - -- # RFC 7231, Section 6.4.4 - if response.status == 303: -+ # Change the method according to RFC 9110, Section 15.4.4. - method = 'GET' -+ # And lose the body not to transfer anything sensitive. -+ kw["body"] = None -+ kw["headers"] = HTTPHeaderDict(kw["headers"])._prepare_for_method_change() - - retries = kw.get('retries') - if not isinstance(retries, Retry): --- -2.43.0 - diff --git a/SOURCES/CVE-2024-37891.patch b/SOURCES/CVE-2024-37891.patch deleted file mode 100644 index 380de74..0000000 --- a/SOURCES/CVE-2024-37891.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 584378407efb03cef247320b541388f460cb72a2 Mon Sep 17 00:00:00 2001 -From: Lumir Balhar -Date: Mon, 1 Jul 2024 12:40:39 +0200 -Subject: [PATCH] CVE-2024-37891 - ---- - src/urllib3/util/retry.py | 2 +- - test/test_retry.py | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/urllib3/util/retry.py b/src/urllib3/util/retry.py -index c4a687c..8b86956 100644 ---- a/src/urllib3/util/retry.py -+++ b/src/urllib3/util/retry.py -@@ -151,7 +151,7 @@ class Retry(object): - - RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503]) - -- DEFAULT_REDIRECT_HEADERS_BLACKLIST = frozenset(['Cookie', 'Authorization']) -+ DEFAULT_REDIRECT_HEADERS_BLACKLIST = frozenset(['Cookie', 'Authorization', 'Proxy-Authorization']) - - #: Maximum backoff time. - BACKOFF_MAX = 120 -diff --git a/test/test_retry.py b/test/test_retry.py -index c6bba74..a525028 100644 ---- a/test/test_retry.py -+++ b/test/test_retry.py -@@ -253,7 +253,7 @@ class TestRetry(object): - def test_retry_default_remove_headers_on_redirect(self): - retry = Retry() - -- assert retry.remove_headers_on_redirect == {'authorization', 'cookie'} -+ assert retry.remove_headers_on_redirect == {'authorization', 'proxy-authorization', 'cookie'} - - def test_retry_set_remove_headers_on_redirect(self): - retry = Retry(remove_headers_on_redirect=['x-api-secret']) --- -2.45.2 - diff --git a/SOURCES/Enable_TLS_1.3_post-handshake_authentication.patch b/SOURCES/Enable_TLS_1.3_post-handshake_authentication.patch deleted file mode 100644 index ac903bb..0000000 --- a/SOURCES/Enable_TLS_1.3_post-handshake_authentication.patch +++ /dev/null @@ -1,56 +0,0 @@ -From c9ed53c284a6747f17366eab71ba8922e33910e2 Mon Sep 17 00:00:00 2001 -From: Lumir Balhar -Date: Wed, 28 Aug 2019 14:55:26 +0200 -Subject: [PATCH] Backported patch from: - https://github.com/urllib3/urllib3/commit/6a626be4ff623c25270e20db9002705bf4504e4e - -Enable TLS 1.3 post-handshake authentication ---- - src/urllib3/util/ssl_.py | 7 +++++++ - test/test_ssl.py | 15 +++++++++++++++ - 2 files changed, 22 insertions(+) - -diff --git a/src/urllib3/util/ssl_.py b/src/urllib3/util/ssl_.py -index 5ae4358..7dc4a5a 100644 ---- a/src/urllib3/util/ssl_.py -+++ b/src/urllib3/util/ssl_.py -@@ -280,6 +280,13 @@ def create_urllib3_context(ssl_version=None, cert_reqs=None, - - context.options |= options - -+ # Enable post-handshake authentication for TLS 1.3, see GH #1634. PHA is -+ # necessary for conditional client cert authentication with TLS 1.3. -+ # The attribute is None for OpenSSL <= 1.1.0 or does not exist in older -+ # versions of Python. -+ if getattr(context, "post_handshake_auth", None) is not None: -+ context.post_handshake_auth = True -+ - context.verify_mode = cert_reqs - if getattr(context, 'check_hostname', None) is not None: # Platform-specific: Python 3.2 - # We do our own verification, including fingerprints and alternative -diff --git a/test/test_ssl.py b/test/test_ssl.py -index 6a46b4f..3a99522 100644 ---- a/test/test_ssl.py -+++ b/test/test_ssl.py -@@ -125,3 +125,18 @@ def test_wrap_socket_default_loads_default_certs(monkeypatch): - ssl_.ssl_wrap_socket(sock) - - context.load_default_certs.assert_called_with() -+ -+ -+@pytest.mark.parametrize( -+ ["pha", "expected_pha"], [(None, None), (False, True), (True, True)] -+) -+def test_create_urllib3_context_pha(monkeypatch, pha, expected_pha): -+ context = mock.create_autospec(ssl_.SSLContext) -+ context.set_ciphers = mock.Mock() -+ context.options = 0 -+ context.post_handshake_auth = pha -+ monkeypatch.setattr(ssl_, "SSLContext", lambda *_, **__: context) -+ -+ assert ssl_.create_urllib3_context() is context -+ -+ assert context.post_handshake_auth == expected_pha --- -2.21.0 - diff --git a/SOURCES/ssl_match_hostname_py3.py b/SOURCES/ssl_match_hostname_py3.py deleted file mode 100644 index 99d425a..0000000 --- a/SOURCES/ssl_match_hostname_py3.py +++ /dev/null @@ -1 +0,0 @@ -from ssl import match_hostname, CertificateError diff --git a/SPECS/python-urllib3.spec b/SPECS/python-urllib3.spec deleted file mode 100644 index ad769b9..0000000 --- a/SPECS/python-urllib3.spec +++ /dev/null @@ -1,398 +0,0 @@ -%global srcname urllib3 - -Name: python-%{srcname} -Version: 1.24.2 -Release: 8%{?dist} -Summary: Python HTTP library with thread-safe connection pooling and file post - -License: MIT -URL: https://github.com/shazow/urllib3 -Source0: %{url}/archive/%{version}/%{srcname}-%{version}.tar.gz -# Used with Python 3.5+ -Source1: ssl_match_hostname_py3.py -BuildArch: noarch - -# CVE-2019-11236 python-urllib3: -# - CRLF injection due to not encoding the '\r\n' sequence leading to -# possible attack on internal service. -# - Also known as CVE-2019-9740 (duplicate entry) -# Backported from: -# * https://github.com/urllib3/urllib3/pull/1591 -# - Superfluous commits were omitted (flake8 checks, travis settings, macos patch) -# * https://github.com/urllib3/urllib3/pull/1593 -Patch1: CVE-2019-11236.patch - -# Enable post-handshake authentication for TLS 1.3 -# - https://github.com/urllib3/urllib3/issues/1634 -# - https://bugzilla.redhat.com/show_bug.cgi?id=1726743 -Patch2: Enable_TLS_1.3_post-handshake_authentication.patch - -# CVE-2020-26137 -# CRLF injection via HTTP request method -# Resolved upstream: https://github.com/urllib3/urllib3/pull/1800 -Patch3: CVE-2020-26137.patch - -# CVE-2023-43804 -# Added the `Cookie` header to the list of headers to strip from -# requests when redirecting to a different host. As before, different headers -# can be set via `Retry.remove_headers_on_redirect`. -# Tests backported only partially as we don't use the whole part of -# testing with dummyserver. -# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=2242493 -# Upstream fix: https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb -Patch4: CVE-2023-43804.patch - -# CVE-2023-45803 -# Remove HTTP request body when request method is changed. -# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2023-45803 -# Upstream fix: https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 -Patch5: CVE-2023-45803.patch - -# CVE-2024-37891 -# Added the `Proxy-Authorization` header to the list of headers to strip from requests -# when redirecting to a different host. -# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-37891 -# Upstream fix: https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468 -Patch6: CVE-2024-37891.patch - -%description -Python HTTP module with connection pooling and file POST abilities. - - -%package -n python3-%{srcname} -Summary: Python3 HTTP library with thread-safe connection pooling and file post - -BuildRequires: python3-devel -# For unittests -BuildRequires: python3-nose -BuildRequires: python3-mock -BuildRequires: python3-six -BuildRequires: python3-pysocks -BuildRequires: python3-pytest - -Requires: ca-certificates -Requires: python3-six -Requires: python3-pysocks - -%description -n python3-%{srcname} -Python3 HTTP module with connection pooling and file POST abilities. - - -%prep -%setup -q -n %{srcname}-%{version} - -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 - -# Make sure that the RECENT_DATE value doesn't get too far behind what the current date is. -# RECENT_DATE must not be older that 2 years from the build time, or else test_recent_date -# (from test/test_connection.py) would fail. However, it shouldn't be to close to the build time either, -# since a user's system time could be set to a little in the past from what build time is (because of timezones, -# corner cases, etc). As stated in the comment in src/urllib3/connection.py: -# When updating RECENT_DATE, move it to within two years of the current date, -# and not less than 6 months ago. -# Example: if Today is 2018-01-01, then RECENT_DATE should be any date on or -# after 2016-01-01 (today - 2 years) AND before 2017-07-01 (today - 6 months) -# There is also a test_ssl_wrong_system_time test (from test/with_dummyserver/test_https.py) that tests if -# user's system time isn't set as too far in the past, because it could lead to SSL verification errors. -# That is why we need RECENT_DATE to be set at most 2 years ago (or else test_ssl_wrong_system_time would -# result in false positive), but before at least 6 month ago (so this test could tolerate user's system time being -# set to some time in the past, but not to far away from the present). -# Next few lines update RECENT_DATE dynamically. - -recent_date=$(date --date "7 month ago" +"%Y, %_m, %_d") -sed -i "s/^RECENT_DATE = datetime.date(.*)/RECENT_DATE = datetime.date($recent_date)/" src/urllib3/connection.py - - -# Drop the dummyserver tests in koji. -# These require tornado, a Web framework otherwise unused in the distro. -rm -rf test/with_dummyserver/ -rm -rf test/test_connectionpool.py -rm -rf dummyserver/ -# Don't run the Google App Engine tests -rm -rf test/appengine/ -# Lots of these tests started failing, even for old versions, so it has something -# to do with Fedora in particular. They don't fail in upstream build infrastructure -rm -rf test/contrib/ - -# Tests for Python built without SSL, but RHEL builds with SSL. These tests -# fail when combined with the unbundling of backports-ssl_match_hostname -rm -f test/test_no_ssl.py - -%build -%py3_build - - -%install -%py3_install - -# Unbundle the Python 3 build -rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/six.py* -rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/six* -rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/ssl_match_hostname/ - -mkdir -p %{buildroot}/%{python3_sitelib}/urllib3/packages/ -ln -s %{python3_sitelib}/six.py \ - %{buildroot}/%{python3_sitelib}/urllib3/packages/six.py -ln -s %{python3_sitelib}/__pycache__/six.cpython-%{python3_version_nodots}.opt-1.pyc \ - %{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/ -ln -s %{python3_sitelib}/__pycache__/six.cpython-%{python3_version_nodots}.pyc \ - %{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/ -# urllib3 requires Python 3.5 to use the standard library's match_hostname, -# which we ship in RHEL8, so we can safely replace the bundled version with -# this stub which imports the necessary objects. -cp %{SOURCE1} %{buildroot}/%{python3_sitelib}/urllib3/packages/ssl_match_hostname.py - - -%check -pushd test -PYTHONPATH=%{buildroot}%{python3_sitelib}:%{python3_sitelib} %{__python3} -m pytest -v -popd - - -%files -n python3-%{srcname} -%license LICENSE.txt -%doc CHANGES.rst README.rst CONTRIBUTORS.txt -%{python3_sitelib}/urllib3/ -%{python3_sitelib}/urllib3-*.egg-info - - -%changelog -* Mon Jul 01 2024 Lumír Balhar - 1.24.2-8 -- Security fix for CVE-2024-37891 -Resolves: RHEL-45334 - -* Tue Dec 12 2023 Lumír Balhar - 1.24.2-7 -- Security fix for CVE-2023-45803 -Resolves: RHEL-16872 - -* Thu Oct 12 2023 Lumír Balhar - 1.24.2-6 -- Security fix for CVE-2023-43804 -Resolves: RHEL-11992 - -* Mon Nov 09 2020 Charalampos Stratakis - 1.24.2-5 -- Security fix for CVE-2020-26137 -Resolves: rhbz#1883889 - -* Wed Oct 30 2019 Anna Khaitovich - 1.24.2-4 -- Update RECENT_DATE dynamically -Resolves: rhbz#1761380 - -* Wed Aug 28 2019 Lumír Balhar - 1.24.2-3 -- Enable TLS 1.3 post-handshake authentication -- Adjust RECENT_DATE variable according to rules -Resolves: rhbz#1726743 - -* Wed May 22 2019 Tomas Orsava - 1.24.2-2 -- Rebuilding after gating was enabled -- Resolves: rhbz#1703361 rhbz#1706026 - -* Fri May 03 2019 Tomas Orsava - 1.24.2-1 -- Rebased to 1.24.2 to fix CVE-2019-11324 -- Added patches for CVE-2019-11236 (AKA CVE-2019-9740) -- Resolves: rhbz#1703361 rhbz#1706026 - -* Wed Jul 11 2018 Petr Viktorin - 1.23-5 -- Remove the Python 2 subpackage - https://bugzilla.redhat.com/show_bug.cgi?id=1590400 - -* Mon Jun 25 2018 Lumír Balhar - 1.23-4 -- Allow build with Python 2 - -* Wed Jun 20 2018 Petr Viktorin - 1.23-3 -- Skip tests that require tornado - -* Wed Jun 20 2018 Lumír Balhar - 1.23-2 -- Remove unneeded python3-psutil dependency - -* Tue Jun 05 2018 Jeremy Cline - 1.23-1 -- Update to the latest upstream release (rhbz 1586072) - -* Tue May 22 2018 Petr Viktorin - 1.22-10 -- Skip tests for python2 subpackage, due to missing dependencies (rhbz 1580882) - -* Thu May 03 2018 Lukas Slebodnik - 1.22-9 -- Do not lowercase hostnames with custom-protocol (rhbz 1567862) -- upstream: https://github.com/urllib3/urllib3/issues/1267 - -* Wed Apr 18 2018 Jeremy Cline - 1.22-8 -- Drop the dependency on idna and cryptography (rhbz 1567862) - -* Mon Apr 16 2018 Jeremy Cline - 1.22-7 -- Drop the dependency on PyOpenSSL, it's not needed (rhbz 1567862) - -* Fri Feb 09 2018 Fedora Release Engineering - 1.22-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild - -* Wed Jan 31 2018 Iryna Shcherbina - 1.22-5 -- Update Python 2 dependency declarations to new packaging standards - (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) - -* Thu Jan 25 2018 Tomas Hoger - 1.22-4 -- Fix FTBFS - Move RECENT_DATE to 2017-06-30 - -* Fri Dec 01 2017 Jeremy Cline - 1.22-3 -- Symlink the Python 3 bytecode for six (rbhz 1519147) - -* Thu Jul 27 2017 Fedora Release Engineering - 1.22-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild - -* Fri Jul 21 2017 Jeremy Cline - 1.22-1 -- Update to 1.22 (#1473293) - -* Wed May 17 2017 Jeremy Cline - 1.21.1-1 -- Update to 1.21.1 (#1445280) - -* Thu Feb 09 2017 Jeremy Cline - 1.20-1 -- Update to 1.20 (#1414775) - -* Tue Dec 13 2016 Stratakis Charalampos - 1.19.1-2 -- Rebuild for Python 3.6 - -* Thu Nov 17 2016 Jeremy Cline 1.19.1-1 -- Update to 1.19.1 -- Clean up the specfile to only support Fedora 26 - -* Wed Aug 10 2016 Kevin Fenzi - 1.16-3 -- Rebuild now that python-requests is ready to update. - -* Tue Jul 19 2016 Fedora Release Engineering - 1.16-2 -- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages - -* Wed Jun 15 2016 Kevin Fenzi - 1.16-1 -- Update to 1.16 - -* Thu Jun 02 2016 Ralph Bean - 1.15.1-3 -- Create python2 subpackage to comply with guidelines. - -* Wed Jun 01 2016 Ralph Bean - 1.15.1-2 -- Remove broken symlinks to unbundled python3-six files - https://bugzilla.redhat.com/show_bug.cgi?id=1295015 - -* Fri Apr 29 2016 Ralph Bean - 1.15.1-1 -- Removed patch for ipv6 support, now applied upstream. -- Latest version. -- New dep on pysocks. - -* Fri Feb 26 2016 Ralph Bean - 1.13.1-3 -- Apply patch from upstream to fix ipv6. - -* Thu Feb 04 2016 Fedora Release Engineering - 1.13.1-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Mon Dec 21 2015 Ralph Bean - 1.13.1-1 -- new version - -* Fri Dec 18 2015 Ralph Bean - 1.13-1 -- new version - -* Mon Dec 14 2015 Ralph Bean - 1.12-1 -- new version - -* Thu Oct 15 2015 Robert Kuska - 1.10.4-7 -- Rebuilt for Python3.5 rebuild - -* Sat Oct 10 2015 Ralph Bean - 1.10.4-6 -- Sync from PyPI instead of a git checkout. - -* Tue Sep 08 2015 Ralph Bean - 1.10.4-5.20150503gita91975b -- Drop requirement on python-backports-ssl_match_hostname on F22 and newer. - -* Thu Jun 18 2015 Fedora Release Engineering - 1.10.4-4.20150503gita91975b -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Mon Jun 08 2015 Ralph Bean - 1.10.4-3.20150503gita91975b -- Apply pyopenssl injection for an outdated cpython as per upstream advice - https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning - https://urllib3.readthedocs.org/en/latest/security.html#pyopenssl - -* Tue May 19 2015 Ralph Bean - 1.10.4-2.20150503gita91975b -- Specify symlinks for six.py{c,o}, fixing rhbz #1222142. - -* Sun May 03 2015 Ralph Bean - 1.10.4-1.20150503gita91975b -- Latest release for python-requests-2.7.0 - -* Wed Apr 29 2015 Ralph Bean - 1.10.3-2.20150429git585983a -- Grab a git snapshot to get around this chunked encoding failure. - -* Wed Apr 22 2015 Ralph Bean - 1.10.3-1 -- new version - -* Thu Feb 26 2015 Ralph Bean - 1.10.2-1 -- new version - -* Wed Feb 18 2015 Ralph Bean - 1.10.1-1 -- new version - -* Wed Feb 18 2015 Ralph Bean - 1.10.1-1 -- new version - -* Mon Jan 05 2015 Ralph Bean - 1.10-2 -- Copy in a shim for ssl_match_hostname on python3. - -* Sun Dec 14 2014 Ralph Bean - 1.10-1 -- Latest upstream 1.10, for python-requests-2.5.0. -- Re-do unbundling without patch, with symlinks. -- Modernize python2 macros. -- Remove the with_dummyserver tests which fail only sometimes. - -* Wed Nov 05 2014 Ralph Bean - 1.9.1-1 -- Latest upstream, 1.9.1 for latest python-requests. - -* Mon Aug 4 2014 Tom Callaway - 1.8.2-4 -- fix license handling - -* Sun Jun 08 2014 Fedora Release Engineering - 1.8.2-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Wed May 14 2014 Bohuslav Kabrda - 1.8.2-2 -- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 - -* Mon Apr 21 2014 Arun S A G - 1.8.2-1 -- Update to latest upstream version - -* Mon Oct 28 2013 Ralph Bean - 1.7.1-2 -- Update patch to find ca_certs in the correct location. - -* Wed Sep 25 2013 Ralph Bean - 1.7.1-1 -- Latest upstream with support for a new timeout class and py3.4. - -* Wed Aug 28 2013 Ralph Bean - 1.7-3 -- Bump release again, just to push an unpaired update. - -* Mon Aug 26 2013 Ralph Bean - 1.7-2 -- Bump release to pair an update with python-requests. - -* Thu Aug 22 2013 Ralph Bean - 1.7-1 -- Update to latest upstream. -- Removed the accept-header proxy patch which is included in upstream now. -- Removed py2.6 compat patch which is included in upstream now. - -* Sun Aug 04 2013 Fedora Release Engineering - 1.5-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Tue Jun 11 2013 Toshio Kuratomi - 1.5-6 -- Fix Requires of python-ordereddict to only apply to RHEL - -* Fri Mar 1 2013 Toshio Kuratomi - 1.5-5 -- Unbundling finished! - -* Fri Mar 01 2013 Ralph Bean - 1.5-4 -- Upstream patch to fix Accept header when behind a proxy. -- Reorganize patch numbers to more clearly distinguish them. - -* Wed Feb 27 2013 Ralph Bean - 1.5-3 -- Renamed patches to python-urllib3-* -- Fixed ssl check patch to use the correct cert path for Fedora. -- Included dependency on ca-certificates -- Cosmetic indentation changes to the .spec file. - -* Tue Feb 5 2013 Toshio Kuratomi - 1.5-2 -- python3-tornado BR and run all unittests on python3 - -* Mon Feb 04 2013 Toshio Kuratomi 1.5-1 -- Initial fedora build. diff --git a/python-urllib3.spec b/python-urllib3.spec new file mode 100644 index 0000000..6d6e33e --- /dev/null +++ b/python-urllib3.spec @@ -0,0 +1,543 @@ +# When bootstrapping Python, we cannot test this yet +# RHEL does not include the test dependencies and the dependencies for extras +%if 0%{?rhel} +%bcond_with tests +%bcond_with extras +%else +%bcond_without tests +%bcond_without extras +%endif + +Name: python-urllib3 +Version: 1.26.19 +Release: 2%{?dist} +Summary: HTTP library with thread-safe connection pooling, file post, and more + +# SPDX +License: MIT +URL: https://github.com/urllib3/urllib3 +Source: %{url}/archive/%{version}/urllib3-%{version}.tar.gz + +BuildArch: noarch + +BuildRequires: python3-devel + +%if %{with tests} +# Test dependencies are listed only in dev-requirements.txt. Because there are +# linters and coverage tools mixed in, and exact versions are pinned, we resort +# to manual listing. +# mock==3.0.5: patched out in %%prep +# coverage~=6.0;python_version>="3.6": omitted linter/coverage tool +# tornado==6.1.0;python_version>="3.6" +BuildRequires: %{py3_dist tornado} >= 6.1 +# PySocks==1.7.1 +BuildRequires: %{py3_dist PySocks} >= 1.7.1 +# win-inet-pton==1.1.0: Windows-only workaround +# pytest==6.2.4; python_version>="3.10" +BuildRequires: %{py3_dist pytest} >= 6.2.4 +# pytest-timeout==1.4.2 +BuildRequires: %{py3_dist pytest-timeout} >= 1.4.2 +# pytest-freezegun==0.4.2 +BuildRequires: %{py3_dist pytest-freezegun} >= 0.4.2 +# flaky==3.7.0: not really required +# trustme==0.7.0 +BuildRequires: %{py3_dist trustme} >= 0.7 +# cryptography==38.0.3;python_version>="3.6": associated with the deprecated +# “secure” extra +# python-dateutil==2.8.1 +BuildRequires: %{py3_dist python-dateutil} >= 2.8.1 +# gcp-devrel-py-tools==0.0.16: not used in offline testing +%endif + +%global _description %{expand: +urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings +many critical features that are missing from the Python standard libraries: + + • Thread safety. + • Connection pooling. + • Client-side SSL/TLS verification. + • File uploads with multipart encoding. + • Helpers for retrying requests and dealing with HTTP redirects. + • Support for gzip, deflate, brotli, and zstd encoding. + • Proxy support for HTTP and SOCKS. + • 100% test coverage.} + +%description %{_description} + + +%package -n python3-urllib3 +Summary: %{summary} + +BuildRequires: ca-certificates +Requires: ca-certificates + +# There has historically been a manual hard dependency on python3-idna. +BuildRequires: %{py3_dist idna} +Requires: %{py3_dist idna} + +# grep __version__ src/urllib3/packages/six.py +Provides: bundled(python3dist(six)) = 1.16.0 + +%if %{with extras} +# There has historically been a manual hard dependency on python3-pysocks; +# since bringing it in is the sole function of python3-urllib3+socks, +# we recommend it, so it is installed by default. +Recommends: python3-urllib3+socks +%endif + +%description -n python3-urllib3 %{_description} + + +%if %{with extras} +# We do NOT package the “secure” extra because it is deprecated; see: +# “Deprecate the pyOpenSSL TLS implementation and [secure] extra” +# https://github.com/urllib3/urllib3/issues/2680 +%pyproject_extras_subpkg -n python3-urllib3 brotli socks +%endif + + +%prep +%autosetup -n urllib3-%{version} +# Make sure that the RECENT_DATE value doesn't get too far behind what the current date is. +# RECENT_DATE must not be older that 2 years from the build time, or else test_recent_date +# (from test/test_connection.py) would fail. However, it shouldn't be to close to the build time either, +# since a user's system time could be set to a little in the past from what build time is (because of timezones, +# corner cases, etc). As stated in the comment in src/urllib3/connection.py: +# When updating RECENT_DATE, move it to within two years of the current date, +# and not less than 6 months ago. +# Example: if Today is 2018-01-01, then RECENT_DATE should be any date on or +# after 2016-01-01 (today - 2 years) AND before 2017-07-01 (today - 6 months) +# There is also a test_ssl_wrong_system_time test (from test/with_dummyserver/test_https.py) that tests if +# user's system time isn't set as too far in the past, because it could lead to SSL verification errors. +# That is why we need RECENT_DATE to be set at most 2 years ago (or else test_ssl_wrong_system_time would +# result in false positive), but before at least 6 month ago (so this test could tolerate user's system time being +# set to some time in the past, but not to far away from the present). +# Next few lines update RECENT_DATE dynamically. +recent_date=$(date --date "7 month ago" +"%Y, %_m, %_d") +sed -i "s/^RECENT_DATE = datetime.date(.*)/RECENT_DATE = datetime.date($recent_date)/" src/urllib3/connection.py + +# Use the standard library instead of a backport +sed -i -e 's/^import mock/from unittest import mock/' \ + -e 's/^from mock import /from unittest.mock import /' \ + test/*.py docs/conf.py + + +%generate_buildrequires +# Generate BR’s from packaged extras even when tests are disabled, to ensure +# the extras metapackages are installable if the build succeeds. +%pyproject_buildrequires %{?with_extras:-x brotli,socks} + + +%build +%pyproject_wheel + + +%install +%pyproject_install + +%pyproject_save_files urllib3 + + +%check +# urllib3.contrib.socks requires urllib3[socks] +# urllib3.contrib.ntlmpool is deprecated and requires ntlm +# urllib3.contrib.securetransport is macOS only +# urllib3.contrib.pyopenssl requires urllib3[secure] +%{pyproject_check_import %{!?with_extras:-e urllib3.contrib.socks} + -e urllib3.contrib.ntlmpool + -e urllib3.contrib.securetransport + -e urllib3.contrib.pyopenssl} +%if %{with tests} +# Drop the dummyserver tests in koji. They fail there in real builds, but not +# in scratch builds (weird). +ignore="${ignore-} --ignore=test/with_dummyserver/" +# Don't run the Google App Engine tests +ignore="${ignore-} --ignore=test/appengine/" +# Lots of these tests started failing, even for old versions, so it has something +# to do with Fedora in particular. They don't fail in upstream build infrastructure +ignore="${ignore-} --ignore=test/contrib/" +# Tests for Python built without SSL, but Fedora builds with SSL. These tests +# fail when combined with the unbundling of backports-ssl_match_hostname +ignore="${ignore-} --ignore=test/test_no_ssl.py" +%pytest -v ${ignore-} +%endif + + +%files -n python3-urllib3 -f %{pyproject_files} +%doc CHANGES.rst README.rst + + +%changelog +* Tue Oct 29 2024 Troy Dawson - 1.26.19-2 +- Bump release for October 2024 mass rebuild: + Resolves: RHEL-64018 + +* Wed Jun 26 2024 Lumír Balhar - 1.26.19-1 +- Update to 1.26.19 to fix CVE-2024-37891 +Resolves: RHEL-43171 + +* Mon Jun 24 2024 Troy Dawson - 1.26.18-4 +- Bump release for June 2024 mass rebuild + +* Fri Jan 26 2024 Fedora Release Engineering - 1.26.18-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Mon Jan 22 2024 Fedora Release Engineering - 1.26.18-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Tue Oct 17 2023 Maxwell G - 1.26.18-1 +- Update to 1.26.18. +- Mitigates CVE-2023-45803 / GHSA-g4mx-q9vg-27p4. + +* Mon Oct 09 2023 Miro Hrončok - 1.26.17-2 +- Switch the hardcoded dependency on urllib3[socks] to a weak one + +* Mon Oct 02 2023 Benjamin A. Beasley - 1.26.17-1 +- Update to 1.26.17: fix CVE-2023-43804 (GHSA-v845-jxx5-vc9f) + +* Wed Aug 30 2023 Yaakov Selkowitz - 1.26.16-3 +- Use bundled six + +* Fri Jul 21 2023 Fedora Release Engineering - 1.26.16-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Sat Jul 01 2023 Benjamin A. Beasley - 1.26.16-1 +- Update to 1.26.16 + +* Sat Jul 01 2023 Python Maint - 1.26.15-3 +- Rebuilt for Python 3.12 + +* Tue Jun 13 2023 Python Maint - 1.26.15-2 +- Bootstrap for Python 3.12 + +* Thu May 18 2023 Benjamin A. Beasley - 1.26.15-1 +- Update to 1.26.15 + +* Thu May 18 2023 Benjamin A. Beasley - 1.26.12-5 +- Confirm the License is SPDX MIT +- Update Summary and description based on upstream +- Add metapackages for brotli and socks extras +- Port to pyproject-rpm-macros + +* Tue May 16 2023 Yaakov Selkowitz - 1.26.12-4 +- Disable tests by default in RHEL builds + +* Tue May 16 2023 Tomáš Hrnčiar - 1.26.12-3 +- Accomodate the test to the changed behavior of SSLContext.shared_ciphers() in CPython +- Fixes: rhbz#2203773 + +* Fri Jan 20 2023 Fedora Release Engineering - 1.26.12-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Thu Sep 15 2022 Kevin Fenzi - 1.26.12-1 +- Update to 1.26.12. Fixes rhbz#2104964 + +* Fri Jul 22 2022 Fedora Release Engineering - 1.26.9-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Tue Jun 14 2022 Python Maint - 1.26.9-3 +- Rebuilt for Python 3.11 + +* Mon Jun 13 2022 Python Maint - 1.26.9-2 +- Bootstrap for Python 3.11 + +* Mon May 30 2022 Kevin Fenzi - 1.26.9-1 +- Update to 1.26.9. fixes rhbz#2064777 + +* Fri Jan 21 2022 Fedora Release Engineering - 1.26.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Sat Jan 08 2022 Kevin Fenzi - 1.26.8-1 +- Update to 1.26.8. Fixes rhbz#2038246 + +* Tue Jan 04 2022 Adam Williamson - 1.26.7-2 +- Stop unbundling ssl.match_hostname, it's deprecated upstream (#2009550) + +* Sun Sep 26 2021 Kevin Fenzi - 1.26.7-1 +- Update to 1.26.7. Fixes rhbz#2006973 + +* Fri Jul 23 2021 Fedora Release Engineering - 1.26.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Sun Jul 11 2021 Kevin Fenzi - 1.26.6-1 +- Update to 1.26.1. Fixes rhbz#1976190 +- Fix FTBFS. Fixes rhbz#1966120 + +* Wed Jun 30 2021 Yatin Karel - 1.26.5-2 +- Update minimal requirement of six to >= 1.16.0 + +* Wed Jun 16 2021 Karolina Surma - 1.26.5-1 +- Update to 1.26.5 +- Fixes rhbz#1965056 + +* Fri Jun 04 2021 Python Maint - 1.26.4-3 +- Rebuilt for Python 3.10 + +* Wed Jun 02 2021 Python Maint - 1.26.4-2 +- Bootstrap for Python 3.10 + +* Tue May 18 2021 Miro Hrončok - 1.26.4-1 +- Update to 1.26.4 +- Fixes rhbz#1889391 + +* Wed Jan 27 2021 Fedora Release Engineering - 1.25.10-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Fri Jan 15 2021 Miro Hrončok - 1.25.10-3 +- Drop redundant BuildRequires for nose +- Instead of the mock backport, use unittest.mock from the standard library + +* Tue Jan 05 2021 Anna Khaitovich - 1.25.10-2 +- Update RECENT_DATE dynamically + +* Sun Sep 27 2020 Kevin Fenzi - 1.25.10-1 +- Update to 1.25.10. Fixed bug #1824900 + +* Wed Jul 29 2020 Fedora Release Engineering - 1.25.8-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Sun May 24 2020 Miro Hrončok - 1.25.8-3 +- Rebuilt for Python 3.9 + +* Fri May 22 2020 Miro Hrončok - 1.25.8-2 +- Bootstrap for Python 3.9 + +* Sun Mar 22 2020 Carl George - 1.25.8-1 +- Latest upstream rhbz#1771186 + +* Thu Jan 30 2020 Fedora Release Engineering - 1.25.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Mon Nov 18 2019 Miro Hrončok - 1.25.7-2 +- Subpackage python2-urllib3 has been removed + See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal + +* Tue Oct 15 2019 Jeremy Cline - 1.25.6-1 +- Update to v1.25.6 + +* Thu Oct 03 2019 Miro Hrončok - 1.25.3-7 +- Rebuilt for Python 3.8.0rc1 (#1748018) + +* Sun Aug 18 2019 Miro Hrončok - 1.25.3-6 +- Rebuilt for Python 3.8 + +* Thu Aug 15 2019 Miro Hrončok - 1.25.3-5 +- Bootstrap for Python 3.8 + +* Fri Jul 26 2019 Fedora Release Engineering - 1.25.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon Jul 08 2019 Miro Hrončok - 1.25.3-3 +- Set RECENT_DATE not to be older than 2 years (#1727796) + +* Tue May 28 2019 Jeremy Cline - 1.25.3-2 +- Drop the Python 2 tests since Tornado is going away + +* Tue May 28 2019 Jeremy Cline - 1.25.3-1 +- Update to 1.25.3 + +* Sat Feb 02 2019 Fedora Release Engineering - 1.24.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Tue Nov 13 2018 Jeremy Cline - 1.24.1-2 +- Adjust unbundling of ssl_match_hostname + +* Mon Oct 29 2018 Jeremy Cline - 1.24.1-1 +- Update to v1.24.1 + +* Wed Jun 20 2018 Lumír Balhar - 1.23-4 +- Removed unneeded dependency python[23]-psutil + +* Mon Jun 18 2018 Miro Hrončok - 1.23-3 +- Rebuilt for Python 3.7 + +* Thu Jun 14 2018 Miro Hrončok - 1.23-2 +- Bootstrap for Python 3.7 + +* Tue Jun 05 2018 Jeremy Cline - 1.23-1 +- Update to the latest upstream release (rhbz 1586072) + +* Wed May 30 2018 Jeremy Cline - 1.22-10 +- Backport patch to support Python 3.7 (rhbz 1584112) + +* Thu May 03 2018 Lukas Slebodnik - 1.22-9 +- Do not lowercase hostnames with custom-protocol (rhbz 1567862) +- upstream: https://github.com/urllib3/urllib3/issues/1267 + +* Wed Apr 18 2018 Jeremy Cline - 1.22-8 +- Drop the dependency on idna and cryptography (rhbz 1567862) + +* Mon Apr 16 2018 Jeremy Cline - 1.22-7 +- Drop the dependency on PyOpenSSL, it's not needed (rhbz 1567862) + +* Fri Feb 09 2018 Fedora Release Engineering - 1.22-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Jan 31 2018 Iryna Shcherbina - 1.22-5 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Thu Jan 25 2018 Tomas Hoger - 1.22-4 +- Fix FTBFS - Move RECENT_DATE to 2017-06-30 + +* Fri Dec 01 2017 Jeremy Cline - 1.22-3 +- Symlink the Python 3 bytecode for six (rbhz 1519147) + +* Thu Jul 27 2017 Fedora Release Engineering - 1.22-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Jul 21 2017 Jeremy Cline - 1.22-1 +- Update to 1.22 (#1473293) + +* Wed May 17 2017 Jeremy Cline - 1.21.1-1 +- Update to 1.21.1 (#1445280) + +* Thu Feb 09 2017 Jeremy Cline - 1.20-1 +- Update to 1.20 (#1414775) + +* Tue Dec 13 2016 Stratakis Charalampos - 1.19.1-2 +- Rebuild for Python 3.6 + +* Thu Nov 17 2016 Jeremy Cline 1.19.1-1 +- Update to 1.19.1 +- Clean up the specfile to only support Fedora 26 + +* Wed Aug 10 2016 Kevin Fenzi - 1.16-3 +- Rebuild now that python-requests is ready to update. + +* Tue Jul 19 2016 Fedora Release Engineering - 1.16-2 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Wed Jun 15 2016 Kevin Fenzi - 1.16-1 +- Update to 1.16 + +* Thu Jun 02 2016 Ralph Bean - 1.15.1-3 +- Create python2 subpackage to comply with guidelines. + +* Wed Jun 01 2016 Ralph Bean - 1.15.1-2 +- Remove broken symlinks to unbundled python3-six files + https://bugzilla.redhat.com/show_bug.cgi?id=1295015 + +* Fri Apr 29 2016 Ralph Bean - 1.15.1-1 +- Removed patch for ipv6 support, now applied upstream. +- Latest version. +- New dep on pysocks. + +* Fri Feb 26 2016 Ralph Bean - 1.13.1-3 +- Apply patch from upstream to fix ipv6. + +* Thu Feb 04 2016 Fedora Release Engineering - 1.13.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Mon Dec 21 2015 Ralph Bean - 1.13.1-1 +- new version + +* Fri Dec 18 2015 Ralph Bean - 1.13-1 +- new version + +* Mon Dec 14 2015 Ralph Bean - 1.12-1 +- new version + +* Thu Oct 15 2015 Robert Kuska - 1.10.4-7 +- Rebuilt for Python3.5 rebuild + +* Sat Oct 10 2015 Ralph Bean - 1.10.4-6 +- Sync from PyPI instead of a git checkout. + +* Tue Sep 08 2015 Ralph Bean - 1.10.4-5.20150503gita91975b +- Drop requirement on python-backports-ssl_match_hostname on F22 and newer. + +* Thu Jun 18 2015 Fedora Release Engineering - 1.10.4-4.20150503gita91975b +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Jun 08 2015 Ralph Bean - 1.10.4-3.20150503gita91975b +- Apply pyopenssl injection for an outdated cpython as per upstream advice + https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning + https://urllib3.readthedocs.org/en/latest/security.html#pyopenssl + +* Tue May 19 2015 Ralph Bean - 1.10.4-2.20150503gita91975b +- Specify symlinks for six.py{c,o}, fixing rhbz #1222142. + +* Sun May 03 2015 Ralph Bean - 1.10.4-1.20150503gita91975b +- Latest release for python-requests-2.7.0 + +* Wed Apr 29 2015 Ralph Bean - 1.10.3-2.20150429git585983a +- Grab a git snapshot to get around this chunked encoding failure. + +* Wed Apr 22 2015 Ralph Bean - 1.10.3-1 +- new version + +* Thu Feb 26 2015 Ralph Bean - 1.10.2-1 +- new version + +* Wed Feb 18 2015 Ralph Bean - 1.10.1-1 +- new version + +* Wed Feb 18 2015 Ralph Bean - 1.10.1-1 +- new version + +* Mon Jan 05 2015 Ralph Bean - 1.10-2 +- Copy in a shim for ssl_match_hostname on python3. + +* Sun Dec 14 2014 Ralph Bean - 1.10-1 +- Latest upstream 1.10, for python-requests-2.5.0. +- Re-do unbundling without patch, with symlinks. +- Modernize python2 macros. +- Remove the with_dummyserver tests which fail only sometimes. + +* Wed Nov 05 2014 Ralph Bean - 1.9.1-1 +- Latest upstream, 1.9.1 for latest python-requests. + +* Mon Aug 4 2014 Tom Callaway - 1.8.2-4 +- fix license handling + +* Sun Jun 08 2014 Fedora Release Engineering - 1.8.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed May 14 2014 Bohuslav Kabrda - 1.8.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 + +* Mon Apr 21 2014 Arun S A G - 1.8.2-1 +- Update to latest upstream version + +* Mon Oct 28 2013 Ralph Bean - 1.7.1-2 +- Update patch to find ca_certs in the correct location. + +* Wed Sep 25 2013 Ralph Bean - 1.7.1-1 +- Latest upstream with support for a new timeout class and py3.4. + +* Wed Aug 28 2013 Ralph Bean - 1.7-3 +- Bump release again, just to push an unpaired update. + +* Mon Aug 26 2013 Ralph Bean - 1.7-2 +- Bump release to pair an update with python-requests. + +* Thu Aug 22 2013 Ralph Bean - 1.7-1 +- Update to latest upstream. +- Removed the accept-header proxy patch which is included in upstream now. +- Removed py2.6 compat patch which is included in upstream now. + +* Sun Aug 04 2013 Fedora Release Engineering - 1.5-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Tue Jun 11 2013 Toshio Kuratomi - 1.5-6 +- Fix Requires of python-ordereddict to only apply to RHEL + +* Fri Mar 1 2013 Toshio Kuratomi - 1.5-5 +- Unbundling finished! + +* Fri Mar 01 2013 Ralph Bean - 1.5-4 +- Upstream patch to fix Accept header when behind a proxy. +- Reorganize patch numbers to more clearly distinguish them. + +* Wed Feb 27 2013 Ralph Bean - 1.5-3 +- Renamed patches to python-urllib3-* +- Fixed ssl check patch to use the correct cert path for Fedora. +- Included dependency on ca-certificates +- Cosmetic indentation changes to the .spec file. + +* Tue Feb 5 2013 Toshio Kuratomi - 1.5-2 +- python3-tornado BR and run all unittests on python3 + +* Mon Feb 04 2013 Toshio Kuratomi 1.5-1 +- Initial fedora build. diff --git a/sources b/sources new file mode 100644 index 0000000..010dd3d --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (urllib3-1.26.19.tar.gz) = 6b72012dbd85434b2441229cbdea2a94583693f904dde349780e1290d581c8a5e10fe00a287a032ed1276349d0078b530f16a133e0f164dcea18105fa3dec79a