diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..be16816 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/httplib2-0.9.1.tar.gz diff --git a/.python-httplib2.metadata b/.python-httplib2.metadata new file mode 100644 index 0000000..5a2989d --- /dev/null +++ b/.python-httplib2.metadata @@ -0,0 +1 @@ +26696e1a5d79ea6cd7cf3462540695f105d2259e SOURCES/httplib2-0.9.1.tar.gz diff --git a/README.md b/README.md deleted file mode 100644 index 98f42b4..0000000 --- a/README.md +++ /dev/null @@ -1,4 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/python-httplib2-0.9-cve-2013-2037.patch b/SOURCES/python-httplib2-0.9-cve-2013-2037.patch new file mode 100644 index 0000000..6a09337 --- /dev/null +++ b/SOURCES/python-httplib2-0.9-cve-2013-2037.patch @@ -0,0 +1,21 @@ +diff -Nur httplib2-0.9.orig/python2/httplib2/__init__.py httplib2-0.9/python2/httplib2/__init__.py +--- httplib2-0.9.orig/python2/httplib2/__init__.py 2015-04-03 13:10:43.401035131 -0600 ++++ httplib2-0.9/python2/httplib2/__init__.py 2015-04-03 13:10:08.470685647 -0600 +@@ -1042,7 +1042,7 @@ + raise CertificateHostnameMismatch( + 'Server presented certificate that does not match ' + 'host %s: %s' % (hostname, cert), hostname, cert) +- except ssl_SSLError, e: ++ except (ssl_SSLError, CertificateHostnameMismatch), e: + if sock: + sock.close() + if self.sock: +@@ -1052,7 +1052,7 @@ + # to get at more detailed error information, in particular + # whether the error is due to certificate validation or + # something else (such as SSL protocol mismatch). +- if e.errno == ssl.SSL_ERROR_SSL: ++ if hasattr(e, 'errno') and e.errno == ssl.SSL_ERROR_SSL: + raise SSLHandshakeError(e) + else: + raise diff --git a/SOURCES/python-httplib2-0.9-proxy-http.patch b/SOURCES/python-httplib2-0.9-proxy-http.patch new file mode 100644 index 0000000..0d55002 --- /dev/null +++ b/SOURCES/python-httplib2-0.9-proxy-http.patch @@ -0,0 +1,16 @@ +diff -Nur httplib2-0.9.orig/python2/httplib2/__init__.py httplib2-0.9/python2/httplib2/__init__.py +--- httplib2-0.9.orig/python2/httplib2/__init__.py 2015-04-03 12:56:04.834370332 -0600 ++++ httplib2-0.9/python2/httplib2/__init__.py 2015-04-03 12:58:16.441925454 -0600 +@@ -838,7 +838,11 @@ + else: + port = dict(https=443, http=80)[method] + +- proxy_type = 3 # socks.PROXY_TYPE_HTTP ++ if method == 'http': ++ proxy_type = 4 # socks.PROXY_TYPE_HTTP_NO_TUNNEL ++ else: ++ proxy_type = 3 # socks.PROXY_TYPE_HTTP ++ + return ProxyInfo( + proxy_type = proxy_type, + proxy_host = host, diff --git a/SOURCES/python-httplib2.certfile.patch b/SOURCES/python-httplib2.certfile.patch new file mode 100644 index 0000000..e351169 --- /dev/null +++ b/SOURCES/python-httplib2.certfile.patch @@ -0,0 +1,31 @@ +diff -Nur httplib2-0.9.orig/python2/httplib2/__init__.py httplib2-0.9/python2/httplib2/__init__.py +--- httplib2-0.9.orig/python2/httplib2/__init__.py 2014-04-14 06:52:57.000000000 -0600 ++++ httplib2-0.9/python2/httplib2/__init__.py 2014-05-23 21:17:02.082118837 -0600 +@@ -191,8 +191,10 @@ + CA_CERTS = ca_certs_locater.get() + except ImportError: + # Default CA certificates file bundled with httplib2. +- CA_CERTS = os.path.join( +- os.path.dirname(os.path.abspath(__file__ )), "cacerts.txt") ++# CA_CERTS = os.path.join( ++# os.path.dirname(os.path.abspath(__file__ )), "cacerts.txt") ++# Use Fedora system-wide shared certificate store for security, consistency. ++ CA_CERTS = "/etc/pki/tls/certs/ca-bundle.crt" + + # Which headers are hop-by-hop headers by default + HOP_BY_HOP = ['connection', 'keep-alive', 'proxy-authenticate', 'proxy-authorization', 'te', 'trailers', 'transfer-encoding', 'upgrade'] +--- httplib2-0.9/python3/httplib2/__init__.py 2014-04-14 05:52:57.000000000 -0700 ++++ httplib2-0.9/python3/httplib2/__init__.py.new 2015-01-12 17:22:19.815505848 -0800 +@@ -124,8 +124,10 @@ + HOP_BY_HOP = ['connection', 'keep-alive', 'proxy-authenticate', 'proxy-authorization', 'te', 'trailers', 'transfer-encoding', 'upgrade'] + + # Default CA certificates file bundled with httplib2. +-CA_CERTS = os.path.join( +- os.path.dirname(os.path.abspath(__file__ )), "cacerts.txt") ++#CA_CERTS = os.path.join( ++# os.path.dirname(os.path.abspath(__file__ )), "cacerts.txt") ++# Use Fedora system-wide shared certificate store for security, consistency. ++CA_CERTS = "/etc/pki/tls/certs/ca-bundle.crt" + + def _get_end2end_headers(response): + hopbyhop = list(HOP_BY_HOP) diff --git a/SOURCES/python-httplib2.getCertHost.patch b/SOURCES/python-httplib2.getCertHost.patch new file mode 100644 index 0000000..f9c53de --- /dev/null +++ b/SOURCES/python-httplib2.getCertHost.patch @@ -0,0 +1,21 @@ +diff -up ./python2/httplib2/__init__.py.getCertHost ./python2/httplib2/__init__.py +--- ./python2/httplib2/__init__.py.getCertHost 2012-05-03 17:16:33.834155219 +1000 ++++ ./python2/httplib2/__init__.py 2012-06-21 18:19:33.804660257 +1000 +@@ -942,11 +942,12 @@ class HTTPSConnectionWithTimeout(httplib + list: A list of valid host globs. + """ + if 'subjectAltName' in cert: +- return [x[1] for x in cert['subjectAltName'] +- if x[0].lower() == 'dns'] +- else: +- return [x[0][1] for x in cert['subject'] +- if x[0][0].lower() == 'commonname'] ++ # Patch from richardfearn@gmail.com ++ return [x[1] for x in cert['subjectAltName'] ++ if x[0].lower() == "dns"] ++ ++ return [x[0][1] for x in cert['subject'] ++ if x[0][0].lower() == 'commonname'] + + def _ValidateCertificateHostname(self, cert, hostname): + """Validates that a given hostname is valid for an SSL certificate. diff --git a/SOURCES/python-httplib2.rfc2459.patch b/SOURCES/python-httplib2.rfc2459.patch new file mode 100644 index 0000000..523129e --- /dev/null +++ b/SOURCES/python-httplib2.rfc2459.patch @@ -0,0 +1,19 @@ +diff -up ./python2/httplib2/__init__.py.orig ./python2/httplib2/__init__.py +--- ./python2/httplib2/__init__.py.orig 2012-07-27 18:35:59.215300471 +1000 ++++ ./python2/httplib2/__init__.py 2012-07-27 18:36:30.697287505 +1000 +@@ -943,8 +943,13 @@ class HTTPSConnectionWithTimeout(httplib + """ + if 'subjectAltName' in cert: + # Patch from richardfearn@gmail.com +- return [x[1] for x in cert['subjectAltName'] ++ # RFC 2459 states that subjectAltName may contain: ++ # either DNS, email, IP or URI ++ # email, URI, ++ hosts=[x[1] for x in cert['subjectAltName'] + if x[0].lower() == "dns"] ++ if hosts: ++ return hosts + + return [x[0][1] for x in cert['subject'] + if x[0][0].lower() == 'commonname'] + diff --git a/SPECS/python-httplib2.spec b/SPECS/python-httplib2.spec new file mode 100644 index 0000000..94f30ae --- /dev/null +++ b/SPECS/python-httplib2.spec @@ -0,0 +1,215 @@ +%if 0%{?fedora} >= 13 +%global with_python3 1 +%else +%if 0%{?rhel} > 7 +%global with_python3 1 +%endif +%endif + +%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} + +Name: python-httplib2 +Version: 0.9.1 +Release: 3%{?dist} +Summary: A comprehensive HTTP client library +Group: System Environment/Libraries +License: MIT +URL: https://pypi.python.org/pypi/httplib2 +Source0: https://pypi.python.org/packages/source/h/httplib2/httplib2-%{version}.tar.gz +# See also the 'locater plugin' system httplib2 now allows, and +# https://github.com/dreamhost/httplib2-ca_certs_locater +# It's kind of problematic, though: https://github.com/jcgregorio/httplib2/issues/293 +Patch1: %{name}.certfile.patch +Patch2: %{name}.getCertHost.patch +Patch3: %{name}.rfc2459.patch +# +# Fix proxy with plain http +# https://bugzilla.redhat.com/show_bug.cgi?id=857514 +# https://github.com/jcgregorio/httplib2/issues/228 +# +Patch4: python-httplib2-0.9-proxy-http.patch +# +# Fix for python2 invalid ssl cert hostname on second run +# https://bugzilla.redhat.com/show_bug.cgi?id=958638 +# +Patch5: python-httplib2-0.9-cve-2013-2037.patch + +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +BuildRequires: python-setuptools +BuildRequires: python-devel +BuildArch: noarch + +%if 0%{?with_python3} +BuildRequires: python3-devel +%endif # if with_python3 + +%description +A comprehensive HTTP client library that supports many features left out of +other HTTP libraries. + +%if 0%{?with_python3} +%package -n python3-httplib2 +Summary: A comprehensive HTTP client library +Group: System Environment/Libraries + +%description -n python3-httplib2 +A comprehensive HTTP client library that supports many features left out of +other HTTP libraries. +%endif # with_python3 + +%prep +%setup -q -n httplib2-%{version} +%patch1 -p1 -b .certfile +%patch2 -p0 -b .getCertHost +%patch3 -p0 -b .rfc2459 +%patch4 -p1 +%patch5 -p1 + +%if 0%{?with_python3} +rm -rf %{py3dir} +cp -a . %{py3dir} +find %{py3dir} -name '*.py' | xargs sed -i '1s|^#!/usr/bin/python|#!%{__python3}|' +%endif # with_python3 + +%build +CFLAGS="$RPM_OPT_FLAGS" %{__python} setup.py build + +%if 0%{?with_python3} +pushd %{py3dir} +%{__python3} setup.py build +popd +%endif # with_python3 + +%install +rm -rf $RPM_BUILD_ROOT +%{__python} setup.py install --skip-build --root $RPM_BUILD_ROOT + +%if 0%{?with_python3} +pushd %{py3dir} +%{__python3} setup.py install --skip-build --root $RPM_BUILD_ROOT +popd +%endif # with_python3 + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +%defattr(-,root,root,-) +%{python_sitelib}/* + +%if 0%{?with_python3} +%files -n python3-httplib2 +%defattr(-,root,root,-) +%{python3_sitelib}/* +%endif # with_python3 + +%changelog +* Tue May 16 2017 Pavel Cahyna 0.9.1-3 +- Rebuild for RHEL 7.4 Extras + +* Fri Oct 23 2015 Jon Schlueter 0.9.1-2.1 +- change guard for rhel 7 to exclude python 3 + +* Thu Jun 18 2015 Fedora Release Engineering - 0.9.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sun Apr 12 2015 Kevin Fenzi 0.9.1-1 +- Update to 0.9.1 and drop upstreamed patches + +* Fri Apr 03 2015 Kevin Fenzi 0.9-6 +- Add patch to fix http over proxy. Fixes bug #857514 +- Add patch to fix CVE-2013-2037. Fixes bug #958640 +- Add patch to fix binary headers in python3. Fixes bug #1205127 + +* Mon Jan 12 2015 Adam Williamson - 0.9-5 +- certfile.patch: use /etc/pki/tls not /etc/ssl/certs, patch python3 too + +* Mon Jun 30 2014 Toshio Kuratomi - 0.9-4 +- Replace python-setuptools-devel BR with python-setuptools + +* Sat Jun 07 2014 Fedora Release Engineering - 0.9-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed May 28 2014 Kalev Lember - 0.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 + +* Fri May 23 2014 Kevin Fenzi 0.9-1 +- Update to 0.9 + +* Wed May 14 2014 Bohuslav Kabrda - 0.7.7-4 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 + +* Sun Aug 04 2013 Fedora Release Engineering - 0.7.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Thu Feb 14 2013 Fedora Release Engineering - 0.7.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Jan 02 2013 Ding-Yi Chen - 0.7.7-1 +- Upstream update to 0.7.7 + +* Sat Aug 04 2012 David Malcolm - 0.7.4-7 +- rebuild for https://fedoraproject.org/wiki/Features/Python_3.3 + +* Fri Jul 27 2012 Ding-Yi Chen - 0.7.4-6 +- Fixed Bug 840968 - SSL errors when the site certificate contains + subjectAltName but DNS is not in it + +* Sat Jul 21 2012 Fedora Release Engineering - 0.7.4-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Jun 22 2012 Ding-Yi Chen - 0.7.4-4 +- Unify the spec file between EPEL and Fedora. + +* Thu Jun 21 2012 Ding-Yi Chen - 0.7.4-3 +- Applied patch suggested by richardfearn@gmail.com regarding issue 208 +- Fixed: Bug 832344 - Certification validation fails due to multiple 'dns' entries in subjectAltName + +* Fri Jun 01 2012 Ding-Yi Chen - 0.7.4-2 +- Upstream update for Fedora + +* Thu May 03 2012 Ding-Yi Chen - 0.7.4-1 +- Upstream update to 0.7.4 +- Applied patch suggested in issue 208 + +* Fri Feb 24 2012 Ding-Yi Chen - 0.7.2-1 +- Upstream update to 0.7.2 + Which may fixed http://code.google.com/p/httplib2/issues/detail?id=62 + Note this version uses fedora's cert file bundle instead of httplib2 + default. + +* Sat Jan 14 2012 Fedora Release Engineering - 0.6.0-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri Jul 29 2011 Ding-Yi Chen - 0.4.0-5.el6 +- Apply that address python-httplib2 (GoogleCode Hosted) issue 39 + http://code.google.com/p/httplib2/issues/detail?id=39 + +* Tue Feb 08 2011 Fedora Release Engineering - 0.6.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Aug 25 2010 Thomas Spura - 0.6.0-4 +- rebuild with python3.2 + http://lists.fedoraproject.org/pipermail/devel/2010-August/141368.html + +* Thu Jul 22 2010 David Malcolm - 0.6.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Tue Apr 20 2010 Tom "spot" Callaway +- minor spec cleanups +- enable python3 support + +* Fri Apr 02 2010 Andreas Bierfert - 0.6.0-1 +- version upgrade (#566721) + +* Sun Jul 26 2009 Fedora Release Engineering - 0.4.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Thu Feb 26 2009 Fedora Release Engineering - 0.4.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Sat Nov 29 2008 Ignacio Vazquez-Abrams - 0.4.0-2 +- Rebuild for Python 2.6 + +* Thu Dec 27 2007 Andreas Bierfert - 0.4.0-1 +- initial version