rpms/python3.12-requests
15
0
Fork 0
Code Issues Pull Requests Releases Activity

import CS python3.12-requests-2.28.2-2.el8

Browse Source
This commit is contained in:
eabdullin 2024-04-01 08:02:41 +00:00
commit f93cd58d96
5 changed files with 237 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/requests-v2.28.2.tar.gz

1
.python3.12-requests.metadata Normal file
View File

@ -0,0 +1 @@
be6e9fd46e3003475b0b961be23b4b32f61c680f SOURCES/requests-v2.28.2.tar.gz

56
SOURCES/CVE-2023-32681.patch Normal file
View File

@ -0,0 +1,56 @@
From 74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5 Mon Sep 17 00:00:00 2001
From: Nate Prewitt <nate.prewitt@gmail.com>
Date: Mon, 22 May 2023 08:08:57 -0700
Subject: [PATCH] Merge pull request from GHSA-j8r2-6x86-q33q
---
requests/sessions.py | 4 +++-
tests/test_requests.py | 20 ++++++++++++++++++++
2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/requests/sessions.py b/requests/sessions.py
index 6cb3b4dae3..dbcf2a7b0e 100644
--- a/requests/sessions.py
+++ b/requests/sessions.py
@@ -324,7 +324,9 @@ def rebuild_proxies(self, prepared_request, proxies):
except KeyError:
username, password = None, None
- if username and password:
+ # urllib3 handles proxy authorization for us in the standard adapter.
+ # Avoid appending this to TLS tunneled requests where it may be leaked.
+ if not scheme.startswith('https') and username and password:
headers["Proxy-Authorization"] = _basic_auth_str(username, password)
return new_proxies
diff --git a/tests/test_requests.py b/tests/test_requests.py
index b1c8dd4534..b420c44d73 100644
--- a/tests/test_requests.py
+++ b/tests/test_requests.py
@@ -647,6 +647,26 @@ def test_proxy_authorization_preserved_on_request(self, httpbin):
assert sent_headers.get("Proxy-Authorization") == proxy_auth_value
+
+ @pytest.mark.parametrize(
+ "url,has_proxy_auth",
+ (
+ ('http://example.com', True),
+ ('https://example.com', False),
+ ),
+ )
+ def test_proxy_authorization_not_appended_to_https_request(self, url, has_proxy_auth):
+ session = requests.Session()
+ proxies = {
+ 'http': 'http://test:pass@localhost:8080',
+ 'https': 'http://test:pass@localhost:8090',
+ }
+ req = requests.Request('GET', url)
+ prep = req.prepare()
+ session.rebuild_proxies(prep, proxies)
+
+ assert ('Proxy-Authorization' in prep.headers) is has_proxy_auth
+
def test_basicauth_with_netrc(self, httpbin):
auth = ("user", "pass")
wrong_auth = ("wronguser", "wrongpass")

57
SOURCES/system-certs.patch Normal file
View File

@ -0,0 +1,57 @@
From f21606c102368ad7a6e8bcab5a0c65dcddbbf9e5 Mon Sep 17 00:00:00 2001
From: Lumir Balhar <lbalhar@redhat.com>
Date: Thu, 19 Jan 2023 17:35:02 +0100
Subject: [PATCH] system certs
---
requests/certs.py | 7 ++++++-
setup.cfg | 1 -
setup.py | 1 -
3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/requests/certs.py b/requests/certs.py
index 1f30a45..9224f62 100644
--- a/requests/certs.py
+++ b/requests/certs.py
@@ -9,8 +9,13 @@ only one — the one from the certifi package.
If you are packaging Requests, e.g., for a Linux distribution or a managed
environment, you can change the definition of where() to return a separately
packaged CA bundle.
+
+This Fedora-patched package returns "/etc/pki/tls/certs/ca-bundle.crt" provided
+by the ca-certificates RPM package.
"""
-from certifi import where
+def where():
+ """Return the absolute path to the system CA bundle."""
+ return '/etc/pki/tls/certs/ca-bundle.crt'
if __name__ == "__main__":
print(where())
diff --git a/setup.cfg b/setup.cfg
index bf21c81..906c0f1 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -4,7 +4,6 @@ provides-extra =
socks
use_chardet_on_py3
requires-dist =
- certifi>=2017.4.17
charset_normalizer>=2,<4
idna>=2.5,<4
urllib3>=1.21.1,<1.27
diff --git a/setup.py b/setup.py
index 092b40d..c6c0ad5 100755
--- a/setup.py
+++ b/setup.py
@@ -62,7 +62,6 @@ requires = [
"charset_normalizer>=2,<4",
"idna>=2.5,<4",
"urllib3>=1.21.1,<1.27",
- "certifi>=2017.4.17",
]
test_requirements = [
"pytest-httpbin==0.0.7",
--
2.39.0

122
SPECS/python3.12-requests.spec Normal file
View File

@ -0,0 +1,122 @@
%global __python3 /usr/bin/python3.12
%global python3_pkgversion 3.12
# When bootstrapping Python, we cannot test this yet
# RHEL does not include the test dependencies
%bcond_with tests
# The extras are disabled on RHEL to avoid pysocks and deprecated requests[security]
%bcond_with extras
Name: python%{python3_pkgversion}-requests
Version: 2.28.2
Release: 2%{?dist}
Summary: HTTP library, written in Python, for human beings
License: ASL 2.0
URL: https://pypi.io/project/requests
Source: https://github.com/requests/requests/archive/v%{version}/requests-v%{version}.tar.gz
# Explicitly use the system certificates in ca-certificates.
# https://bugzilla.redhat.com/show_bug.cgi?id=904614
Patch0: system-certs.patch
# Security fix for CVE-2023-32681
Patch1: https://github.com/psf/requests/commit/74ea7cf7a6.patch#/CVE-2023-32681.patch
BuildArch: noarch
BuildRequires: python%{python3_pkgversion}-devel
BuildRequires: python%{python3_pkgversion}-rpm-macros
BuildRequires: python%{python3_pkgversion}-charset-normalizer
BuildRequires: python%{python3_pkgversion}-urllib3
BuildRequires: python%{python3_pkgversion}-idna
BuildRequires: python%{python3_pkgversion}-setuptools
%if %{with tests}
BuildRequires: python%{python3_pkgversion}-pytest
BuildRequires: python%{python3_pkgversion}-pytest-httpbin
BuildRequires: python%{python3_pkgversion}-pytest-mock
BuildRequires: python%{python3_pkgversion}-trustme
%endif
Requires: python%{python3_pkgversion}-charset-normalizer
Requires: python%{python3_pkgversion}-urllib3
Requires: python%{python3_pkgversion}-idna
%description
Most existing Python modules for sending HTTP requests are extremely verbose and
cumbersome. Pythons built-in urllib2 module provides most of the HTTP
capabilities you should need, but the API is thoroughly broken. This library is
designed to make HTTP requests easy for developers.
%if %{with extras}
%python_extras_subpkg -n python%{python3_pkgversion}-requests -i %{python3_sitelib}/*.egg-info security socks
%endif
%prep
%autosetup -p1 -n requests-%{version}
# env shebang in nonexecutable file
sed -i '/#!\/usr\/.*python/d' requests/certs.py
# Some doctests use the internet and fail to pass in Koji. Since doctests don't have names, I don't
# know a way to skip them. We also don't want to patch them out, because patching them out will
# change the docs. Thus, we set pytest not to run doctests at all.
sed -i 's/ --doctest-modules//' pyproject.toml
%build
%py3_build
%install
%py3_install
%check
%py3_check_import requests
%if %{with tests}
# test_use_proxy_from_environment needs pysocks
%pytest -v %{!?with_extras:-k "not test_use_proxy_from_environment"}
%endif
%files -n python%{python3_pkgversion}-requests
%license LICENSE
%doc README.md HISTORY.md
%{python3_sitelib}/*.egg-info/
%{python3_sitelib}/requests/
%changelog
* Tue Jan 23 2024 Miro Hrončok <mhroncok@redhat.com> - 2.28.2-2
- Rebuilt for timestamp .pyc invalidation mode
* Thu Oct 19 2023 Tomáš Hrnčiar <thrnciar@redhat.com> - 2.28.2-1
- Initial package
- Fedora contributions by:
Adam Williamson <awilliam@redhat.com>
Arun SAG <sagarun@gmail.com>
Charalampos Stratakis <cstratak@redhat.com>
David Malcolm <dmalcolm@redhat.com>
Dennis Gilmore <dennis@ausil.us>
Igor Gnatenko <ignatenkobrain@fedoraproject.org>
Iryna Shcherbina <shcherbina.iryna@gmail.com>
Jeremy Cline <jeremy@jcline.org>
Karolina Surma <ksurma@redhat.com>
Kevin Fenzi <kevin@scrye.com>
Lumir Balhar <lbalhar@redhat.com>
Miro Hrončok <miro@hroncok.cz>
Petr Viktorin <pviktori@redhat.com>
Ralph Bean <rbean@redhat.com>
Randy Barlow <randy@electronsweatshop.com>
Rex Dieter <rdieter@math.unl.edu>
Robert Kuska <rkuska@redhat.com>
Slavek Kabrda <bkabrda@redhat.com>
Stephen Gallagher <sgallagh@redhat.com>
Tom Callaway <spot@fedoraproject.org>
Toshio Kuratomi <toshio@fedoraproject.org>
Yaakov Selkowitz <yselkowi@redhat.com>
yatinkarel <ykarel@redhat.com>