Update to 2.6.1

- Fixes CVE-2025-66471 / GHSA-2xpw-w6gg-jr37 - Fixes CVE-2025-66418 / GHSA-gm62-xv2j-4w53 (cherry picked from Fedora commit 5baec5bbecb9d967237ff5c28d36298997feeb8a)
2025-12-08 11:12:58 +00:00 · 2025-12-08 11:12:58 +00:00 · 7ad7de6c77
commit 7ad7de6c77
parent 84e07f8329
4 changed files with 9 additions and 11 deletions
--- a/.gitignore
+++ b/.gitignore
@ -51,3 +51,5 @@
 /urllib3-2.3.0.tar.gz
 /urllib3-2.4.0.tar.gz
 /urllib3-2.5.0.tar.gz
+/urllib3-2.6.0.tar.gz
+/urllib3-2.6.1.tar.gz
--- a/Replace-hatchling-with-setuptools-build-backend.patch
+++ b/Replace-hatchling-with-setuptools-build-backend.patch
@ -1,4 +1,4 @@
-From f3c2f0a31bcdf1fc4011b4c531d3fab401696d84 Mon Sep 17 00:00:00 2001
+From 6b3510429ea041f0ab516bfbf78a550859b7f50e Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hrn=C4=8Diar?= <thrnciar@redhat.com>
 Date: Mon, 22 Sep 2025 14:25:42 +0200
 Subject: [PATCH] Replace hatchling with setuptools build backend
@ -8,21 +8,21 @@ Subject: [PATCH] Replace hatchling with setuptools build backend
 1 file changed, 5 insertions(+), 2 deletions(-)

 diff --git a/pyproject.toml b/pyproject.toml
-index 60fce65..423f58a 100644
+index 45538a6..d73b358 100644
 --- a/pyproject.toml
 +++ b/pyproject.toml
@@ -1,8 +1,8 @@
 # This file is protected via CODEOWNERS
 
 [build-system]
-requires = ["hatchling>=1.6.0,<2", "hatch-vcs>=0.4.0,<0.6.0", "setuptools-scm>=8,<9"]
+-requires = ["hatchling>=1.27.0,<2", "hatch-vcs>=0.4.0,<0.6.0", "setuptools-scm>=8,<10"]
 -build-backend = "hatchling.build"
 +build-backend = "setuptools.build_meta"
 +requires = ["setuptools>=77", "setuptools_scm"]
 
 [project]
 name = "urllib3"
-@@ -134,6 +134,9 @@ include = [
+@@ -132,6 +132,9 @@ include = [
   "/LICENSE.txt",
 ]
 
@ -33,5 +33,5 @@ index 60fce65..423f58a 100644
 xfail_strict = true
 python_classes = ["Test", "*TestCase"]
 -- 
-2.51.0
+2.52.0

--- a/python3.14-urllib3.spec
+++ b/python3.14-urllib3.spec
@ -7,7 +7,7 @@
 %bcond extradeps %{undefined rhel}

 Name:           python%{python3_pkgversion}-urllib3
-Version:        2.5.0
+Version:        2.6.1
 Release:        %autorelease
 Summary:        HTTP library with thread-safe connection pooling, file post, and more

@ -82,10 +82,6 @@ many critical features that are missing from the Python standard libraries:
 %autosetup -n urllib3-%{version}
 %setup -q -n urllib3-%{version} -T -D -b 1

-# Unpin hatch-vcs version
-# See https://github.com/urllib3/urllib3/issues/3612
-sed -i 's/hatch-vcs==/hatch-vcs>=/' pyproject.toml
-
 # Make sure that the RECENT_DATE value doesn't get too far behind what the current date is.
 # RECENT_DATE must not be older that 2 years from the build time, or else test_recent_date
 # (from test/test_connection.py) would fail. However, it shouldn't be to close to the build time either,
--- a/2
+++ b/2
@ -1,2 +1,2 @@
-SHA512 (urllib3-2.5.0.tar.gz) = 492ebb3e0481ee5433f45bef184ddb01714dedcbe2eb61665c781f3dcd0d9a226204052d64215c02e8972155560bc146395022723f79c076cb59abe1c0ef51ff
+SHA512 (urllib3-2.6.1.tar.gz) = a5935e42cfa843688f68e2c71de3eff4c505907bd155f41a6f3406000cfaa060db0184a18448e269192c3f69861f5630a112fe207874da45bf475bebbdeb2b83
 SHA512 (hypercorn-d1719f8c1570cbd8e6a3719ffdb14a4d72880abb.tar.gz) = 62d6787d88a2e716f0ac04fc49f6cdc586e473a660ee754ff66961922ae78bcc75d1f78b091e78557dd60f006e8e480114738c7b4ff71beac804e4fc9603240b