From 03ca9de185223e581d39c579c1fd098ee47454ec Mon Sep 17 00:00:00 2001
From: "Benjamin A. Beasley" <code@musicinmybrain.net>
Date: Wed, 7 Jan 2026 23:19:39 +0000
Subject: [PATCH] Update to 2.6.3

- Fixes CVE-2026-21441 / GHSA-38jv-5279-wg99

(cherry picked from Fedora commit cd3e490d533b1b4c3aaea5cddbc7aec5e0e82fb0)
---
 .gitignore              | 1 +
 python3.14-urllib3.spec | 2 +-
 sources                 | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index bd674b9..e3fee0e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -54,3 +54,4 @@
 /urllib3-2.6.0.tar.gz
 /urllib3-2.6.1.tar.gz
 /urllib3-2.6.2.tar.gz
+/urllib3-2.6.3.tar.gz
diff --git a/python3.14-urllib3.spec b/python3.14-urllib3.spec
index 806fa22..d3a244d 100644
--- a/python3.14-urllib3.spec
+++ b/python3.14-urllib3.spec
@@ -7,7 +7,7 @@
 %bcond extradeps %{undefined rhel}
 
 Name:           python%{python3_pkgversion}-urllib3
-Version:        2.6.2
+Version:        2.6.3
 Release:        %autorelease
 Summary:        HTTP library with thread-safe connection pooling, file post, and more
 
diff --git a/sources b/sources
index a84bd3c..d7b27ef 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (urllib3-2.6.2.tar.gz) = 7d2167924922f27cd618bb3f8b56a3c4c6a49254ec5ee7ee48aba6d39cd924e40c58db9b759b0a41ac676f7273b56fe8978d6e20b798ff9b8c8c745c74cf9a15
+SHA512 (urllib3-2.6.3.tar.gz) = 554cedfd97d411fffa9a8ba46f592eab9e58c5fa8822ecd5a73ab45d6adfc188a6b9c4e238d02a4fbd3a1067a25a1de841a33d398d0641e22a32ea414876b615
 SHA512 (hypercorn-d1719f8c1570cbd8e6a3719ffdb14a4d72880abb.tar.gz) = 62d6787d88a2e716f0ac04fc49f6cdc586e473a660ee754ff66961922ae78bcc75d1f78b091e78557dd60f006e8e480114738c7b4ff71beac804e4fc9603240b