%global srcname urllib3 # Tests are disabled to remove the test dependencies # Specify --with tests to run the tests on e.g. EPEL %bcond_with tests Name: python-%{srcname} Version: 1.26.5 Release: 6%{?dist} Summary: Python HTTP library with thread-safe connection pooling and file post License: MIT URL: https://github.com/urllib3/urllib3 Source0: %{url}/archive/%{version}/%{srcname}-%{version}.tar.gz # Unbundle ssl_match_hostname since we depend on it Source1: ssl_match_hostname_py3.py BuildArch: noarch # CVE-2023-43804 # Added the `Cookie` header to the list of headers to strip from # requests when redirecting to a different host. As before, different headers # can be set via `Retry.remove_headers_on_redirect`. # Tests backported only partially as we don't use the whole part of # testing with dummyserver. # Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=2242493 # Upstream fix: https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb Patch1: CVE-2023-43804.patch # CVE-2023-45803 # Remove HTTP request body when request method is changed. # Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2023-45803 # Upstream fix: https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 Patch2: CVE-2023-45803.patch # PoolManager.urlopen fails with TypeError for http connection if the PoolManager is instantiated with server_hostname # Tracking bug: https://issues.redhat.com/browse/RHEL-39285 # Upstream fix: https://github.com/urllib3/urllib3/commit/f1d40fd07f7b5d9cf846a18fb5a920b4be07dfc5 Patch3: Add-server_hostname-to-SSL_KEYWORDS.patch # CVE-2024-37891 # Proxy-authorization request header is not stripped during cross-origin redirects. # Tracking bug: https://issues.redhat.com/browse/RHEL-43172 # Upstream fix: https://github.com/urllib3/urllib3/commit/40b6d1605814dd1db0a46e202d6e56f2e4c9a468 Patch4: CVE-2024-37891.patch %description Python HTTP module with connection pooling and file POST abilities. %package -n python3-%{srcname} Summary: Python3 HTTP library with thread-safe connection pooling and file post BuildRequires: python3-devel BuildRequires: python3-setuptools %if %{with tests} BuildRequires: python3-dateutil BuildRequires: python3-six BuildRequires: python3-pysocks BuildRequires: python3-pytest BuildRequires: python3-pytest-freezegun BuildRequires: python3-pytest-timeout BuildRequires: python3-tornado BuildRequires: python3-trustme BuildRequires: python3-idna %endif Requires: ca-certificates Requires: python3-idna Requires: python3-six Requires: python3-pysocks %description -n python3-%{srcname} Python3 HTTP module with connection pooling and file POST abilities. %prep %autosetup -p1 -n %{srcname}-%{version} # Make sure that the RECENT_DATE value doesn't get too far behind what the current date is. # RECENT_DATE must not be older that 2 years from the build time, or else test_recent_date # (from test/test_connection.py) would fail. However, it shouldn't be to close to the build time either, # since a user's system time could be set to a little in the past from what build time is (because of timezones, # corner cases, etc). As stated in the comment in src/urllib3/connection.py: # When updating RECENT_DATE, move it to within two years of the current date, # and not less than 6 months ago. # Example: if Today is 2018-01-01, then RECENT_DATE should be any date on or # after 2016-01-01 (today - 2 years) AND before 2017-07-01 (today - 6 months) # There is also a test_ssl_wrong_system_time test (from test/with_dummyserver/test_https.py) that tests if # user's system time isn't set as too far in the past, because it could lead to SSL verification errors. # That is why we need RECENT_DATE to be set at most 2 years ago (or else test_ssl_wrong_system_time would # result in false positive), but before at least 6 month ago (so this test could tolerate user's system time being # set to some time in the past, but not to far away from the present). # Next few lines update RECENT_DATE dynamically. recent_date=$(date --date "7 month ago" +"%Y, %_m, %_d") sed -i "s/^RECENT_DATE = datetime.date(.*)/RECENT_DATE = datetime.date($recent_date)/" src/urllib3/connection.py # Drop the dummyserver tests in koji. They fail there in real builds, but not # in scratch builds (weird). rm -rf test/with_dummyserver/ # Don't run the Google App Engine tests rm -rf test/appengine/ # Lots of these tests started failing, even for old versions, so it has something # to do with Fedora in particular. They don't fail in upstream build infrastructure rm -rf test/contrib/ # Tests for Python built without SSL, but Fedora builds with SSL. These tests # fail when combined with the unbundling of backports-ssl_match_hostname rm -f test/test_no_ssl.py # Use the standard library instead of a backport sed -i -e 's/^import mock/from unittest import mock/' \ -e 's/^from mock import /from unittest.mock import /' \ test/*.py docs/conf.py %build %py3_build %install %py3_install # Unbundle the Python 3 build rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/six.py rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/six.* rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/ssl_match_hostname/ mkdir -p %{buildroot}/%{python3_sitelib}/urllib3/packages/ cp -a %{SOURCE1} %{buildroot}/%{python3_sitelib}/urllib3/packages/ssl_match_hostname.py ln -s %{python3_sitelib}/six.py %{buildroot}/%{python3_sitelib}/urllib3/packages/six.py ln -s %{python3_sitelib}/__pycache__/six.cpython-%{python3_version_nodots}.opt-1.pyc \ %{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/ ln -s %{python3_sitelib}/__pycache__/six.cpython-%{python3_version_nodots}.pyc \ %{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/ %if %{with tests} %check %pytest -v %endif %files -n python3-%{srcname} %license LICENSE.txt %doc CHANGES.rst README.rst CONTRIBUTORS.txt %{python3_sitelib}/urllib3/ %{python3_sitelib}/urllib3-*.egg-info/ %changelog * Tue Jun 18 2024 Tomáš Hrnčiar - 1.26.5-6 - Security fix for CVE-2024-37891 - Backport upstream patch to fix TypeError for http connection if the PoolManager - is instantiated with server_hostname Resolves: RHEL-43172 Resolves: RHEL-39285 * Tue Dec 12 2023 Lumír Balhar - 1.26.5-5 - Security fix for CVE-2023-45803 Resolves: RHEL-16874 * Thu Oct 12 2023 Lumír Balhar - 1.26.5-4 - Security fix for CVE-2023-43804 Resolves: RHEL-12001 * Tue Feb 08 2022 Tomáš Hrnčiar - 1.26.5-3 - Add automatically generated Obsoletes tag with the python39- prefix for smoother upgrade from RHEL8 - Related: rhbz#1990421 * Tue Aug 10 2021 Mohan Boddu - 1.26.5-2 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688 * Wed Jun 16 2021 Karolina Surma - 1.26.5-1 - Update to 1.26.5 - Fix for CVE-2021-33503 Catastrophic backtracking in URL authority parser Resolves: rhbz#1972639 * Tue May 18 2021 Miro Hrončok - 1.26.4-1 - Update to 1.26.4 Resolves: rhbz#1935737 * Fri Apr 16 2021 Mohan Boddu - 1.25.10-6 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 * Mon Mar 08 2021 Charalampos Stratakis - 1.25.10-5 - Disable tests on RHEL9 to remove the python-tornado dependency * Wed Jan 27 2021 Fedora Release Engineering - 1.25.10-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Fri Jan 15 2021 Miro Hrončok - 1.25.10-3 - Drop redundant BuildRequires for nose - Instead of the mock backport, use unittest.mock from the standard library * Tue Jan 05 2021 Anna Khaitovich - 1.25.10-2 - Update RECENT_DATE dynamically * Sun Sep 27 2020 Kevin Fenzi - 1.25.10-1 - Update to 1.25.10. Fixed bug #1824900 * Wed Jul 29 2020 Fedora Release Engineering - 1.25.8-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Sun May 24 2020 Miro Hrončok - 1.25.8-3 - Rebuilt for Python 3.9 * Fri May 22 2020 Miro Hrončok - 1.25.8-2 - Bootstrap for Python 3.9 * Sun Mar 22 2020 Carl George - 1.25.8-1 - Latest upstream rhbz#1771186 * Thu Jan 30 2020 Fedora Release Engineering - 1.25.7-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Mon Nov 18 2019 Miro Hrončok - 1.25.7-2 - Subpackage python2-urllib3 has been removed See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal * Tue Oct 15 2019 Jeremy Cline - 1.25.6-1 - Update to v1.25.6 * Thu Oct 03 2019 Miro Hrončok - 1.25.3-7 - Rebuilt for Python 3.8.0rc1 (#1748018) * Sun Aug 18 2019 Miro Hrončok - 1.25.3-6 - Rebuilt for Python 3.8 * Thu Aug 15 2019 Miro Hrončok - 1.25.3-5 - Bootstrap for Python 3.8 * Fri Jul 26 2019 Fedora Release Engineering - 1.25.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Mon Jul 08 2019 Miro Hrončok - 1.25.3-3 - Set RECENT_DATE not to be older than 2 years (#1727796) * Tue May 28 2019 Jeremy Cline - 1.25.3-2 - Drop the Python 2 tests since Tornado is going away * Tue May 28 2019 Jeremy Cline - 1.25.3-1 - Update to 1.25.3 * Sat Feb 02 2019 Fedora Release Engineering - 1.24.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Tue Nov 13 2018 Jeremy Cline - 1.24.1-2 - Adjust unbundling of ssl_match_hostname * Mon Oct 29 2018 Jeremy Cline - 1.24.1-1 - Update to v1.24.1 * Wed Jun 20 2018 Lumír Balhar - 1.23-4 - Removed unneeded dependency python[23]-psutil * Mon Jun 18 2018 Miro Hrončok - 1.23-3 - Rebuilt for Python 3.7 * Thu Jun 14 2018 Miro Hrončok - 1.23-2 - Bootstrap for Python 3.7 * Tue Jun 05 2018 Jeremy Cline - 1.23-1 - Update to the latest upstream release (rhbz 1586072) * Wed May 30 2018 Jeremy Cline - 1.22-10 - Backport patch to support Python 3.7 (rhbz 1584112) * Thu May 03 2018 Lukas Slebodnik - 1.22-9 - Do not lowercase hostnames with custom-protocol (rhbz 1567862) - upstream: https://github.com/urllib3/urllib3/issues/1267 * Wed Apr 18 2018 Jeremy Cline - 1.22-8 - Drop the dependency on idna and cryptography (rhbz 1567862) * Mon Apr 16 2018 Jeremy Cline - 1.22-7 - Drop the dependency on PyOpenSSL, it's not needed (rhbz 1567862) * Fri Feb 09 2018 Fedora Release Engineering - 1.22-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Wed Jan 31 2018 Iryna Shcherbina - 1.22-5 - Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) * Thu Jan 25 2018 Tomas Hoger - 1.22-4 - Fix FTBFS - Move RECENT_DATE to 2017-06-30 * Fri Dec 01 2017 Jeremy Cline - 1.22-3 - Symlink the Python 3 bytecode for six (rbhz 1519147) * Thu Jul 27 2017 Fedora Release Engineering - 1.22-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Fri Jul 21 2017 Jeremy Cline - 1.22-1 - Update to 1.22 (#1473293) * Wed May 17 2017 Jeremy Cline - 1.21.1-1 - Update to 1.21.1 (#1445280) * Thu Feb 09 2017 Jeremy Cline - 1.20-1 - Update to 1.20 (#1414775) * Tue Dec 13 2016 Stratakis Charalampos - 1.19.1-2 - Rebuild for Python 3.6 * Thu Nov 17 2016 Jeremy Cline 1.19.1-1 - Update to 1.19.1 - Clean up the specfile to only support Fedora 26 * Wed Aug 10 2016 Kevin Fenzi - 1.16-3 - Rebuild now that python-requests is ready to update. * Tue Jul 19 2016 Fedora Release Engineering - 1.16-2 - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages * Wed Jun 15 2016 Kevin Fenzi - 1.16-1 - Update to 1.16 * Thu Jun 02 2016 Ralph Bean - 1.15.1-3 - Create python2 subpackage to comply with guidelines. * Wed Jun 01 2016 Ralph Bean - 1.15.1-2 - Remove broken symlinks to unbundled python3-six files https://bugzilla.redhat.com/show_bug.cgi?id=1295015 * Fri Apr 29 2016 Ralph Bean - 1.15.1-1 - Removed patch for ipv6 support, now applied upstream. - Latest version. - New dep on pysocks. * Fri Feb 26 2016 Ralph Bean - 1.13.1-3 - Apply patch from upstream to fix ipv6. * Thu Feb 04 2016 Fedora Release Engineering - 1.13.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Mon Dec 21 2015 Ralph Bean - 1.13.1-1 - new version * Fri Dec 18 2015 Ralph Bean - 1.13-1 - new version * Mon Dec 14 2015 Ralph Bean - 1.12-1 - new version * Thu Oct 15 2015 Robert Kuska - 1.10.4-7 - Rebuilt for Python3.5 rebuild * Sat Oct 10 2015 Ralph Bean - 1.10.4-6 - Sync from PyPI instead of a git checkout. * Tue Sep 08 2015 Ralph Bean - 1.10.4-5.20150503gita91975b - Drop requirement on python-backports-ssl_match_hostname on F22 and newer. * Thu Jun 18 2015 Fedora Release Engineering - 1.10.4-4.20150503gita91975b - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Mon Jun 08 2015 Ralph Bean - 1.10.4-3.20150503gita91975b - Apply pyopenssl injection for an outdated cpython as per upstream advice https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning https://urllib3.readthedocs.org/en/latest/security.html#pyopenssl * Tue May 19 2015 Ralph Bean - 1.10.4-2.20150503gita91975b - Specify symlinks for six.py{c,o}, fixing rhbz #1222142. * Sun May 03 2015 Ralph Bean - 1.10.4-1.20150503gita91975b - Latest release for python-requests-2.7.0 * Wed Apr 29 2015 Ralph Bean - 1.10.3-2.20150429git585983a - Grab a git snapshot to get around this chunked encoding failure. * Wed Apr 22 2015 Ralph Bean - 1.10.3-1 - new version * Thu Feb 26 2015 Ralph Bean - 1.10.2-1 - new version * Wed Feb 18 2015 Ralph Bean - 1.10.1-1 - new version * Wed Feb 18 2015 Ralph Bean - 1.10.1-1 - new version * Mon Jan 05 2015 Ralph Bean - 1.10-2 - Copy in a shim for ssl_match_hostname on python3. * Sun Dec 14 2014 Ralph Bean - 1.10-1 - Latest upstream 1.10, for python-requests-2.5.0. - Re-do unbundling without patch, with symlinks. - Modernize python2 macros. - Remove the with_dummyserver tests which fail only sometimes. * Wed Nov 05 2014 Ralph Bean - 1.9.1-1 - Latest upstream, 1.9.1 for latest python-requests. * Mon Aug 4 2014 Tom Callaway - 1.8.2-4 - fix license handling * Sun Jun 08 2014 Fedora Release Engineering - 1.8.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Wed May 14 2014 Bohuslav Kabrda - 1.8.2-2 - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 * Mon Apr 21 2014 Arun S A G - 1.8.2-1 - Update to latest upstream version * Mon Oct 28 2013 Ralph Bean - 1.7.1-2 - Update patch to find ca_certs in the correct location. * Wed Sep 25 2013 Ralph Bean - 1.7.1-1 - Latest upstream with support for a new timeout class and py3.4. * Wed Aug 28 2013 Ralph Bean - 1.7-3 - Bump release again, just to push an unpaired update. * Mon Aug 26 2013 Ralph Bean - 1.7-2 - Bump release to pair an update with python-requests. * Thu Aug 22 2013 Ralph Bean - 1.7-1 - Update to latest upstream. - Removed the accept-header proxy patch which is included in upstream now. - Removed py2.6 compat patch which is included in upstream now. * Sun Aug 04 2013 Fedora Release Engineering - 1.5-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Tue Jun 11 2013 Toshio Kuratomi - 1.5-6 - Fix Requires of python-ordereddict to only apply to RHEL * Fri Mar 1 2013 Toshio Kuratomi - 1.5-5 - Unbundling finished! * Fri Mar 01 2013 Ralph Bean - 1.5-4 - Upstream patch to fix Accept header when behind a proxy. - Reorganize patch numbers to more clearly distinguish them. * Wed Feb 27 2013 Ralph Bean - 1.5-3 - Renamed patches to python-urllib3-* - Fixed ssl check patch to use the correct cert path for Fedora. - Included dependency on ca-certificates - Cosmetic indentation changes to the .spec file. * Tue Feb 5 2013 Toshio Kuratomi - 1.5-2 - python3-tornado BR and run all unittests on python3 * Mon Feb 04 2013 Toshio Kuratomi 1.5-1 - Initial fedora build.