|
 |
3ae537 |
%bcond_without python3
|
|
|
3ae537 |
|
|
|
3ae537 |
%global srcname urllib3
|
|
|
3ae537 |
|
|
|
3ae537 |
Name: python-%{srcname}
|
|
|
3ae537 |
Version: 1.24.2
|
|
|
3ae537 |
Release: 1%{?dist}
|
|
|
3ae537 |
Summary: Python HTTP library with thread-safe connection pooling and file post
|
|
|
3ae537 |
|
|
|
3ae537 |
License: MIT
|
|
|
3ae537 |
URL: https://github.com/shazow/urllib3
|
|
|
3ae537 |
Source0: %{url}/archive/%{version}/%{srcname}-%{version}.tar.gz
|
|
|
3ae537 |
# Used with Python 3.5+
|
|
|
3ae537 |
Source1: ssl_match_hostname_py3.py
|
|
|
3ae537 |
BuildArch: noarch
|
|
|
3ae537 |
|
|
|
3ae537 |
# CVE-2019-11236 python-urllib3:
|
|
|
3ae537 |
# - CRLF injection due to not encoding the '\r\n' sequence leading to
|
|
|
3ae537 |
# possible attack on internal service.
|
|
|
3ae537 |
# - Also known as CVE-2019-9740 (duplicate entry)
|
|
|
3ae537 |
# Backported from:
|
|
|
3ae537 |
# * https://github.com/urllib3/urllib3/pull/1591
|
|
|
3ae537 |
# - Superfluous commits were omitted (flake8 checks, travis settings, macos patch)
|
|
|
3ae537 |
# * https://github.com/urllib3/urllib3/pull/1593
|
|
|
3ae537 |
Patch1: CVE-2019-11236.patch
|
|
|
3ae537 |
|
|
|
3ae537 |
|
|
|
3ae537 |
%description
|
|
|
3ae537 |
Python HTTP module with connection pooling and file POST abilities.
|
|
|
3ae537 |
|
|
|
3ae537 |
%package -n python2-%{srcname}
|
|
|
3ae537 |
Summary: Python2 HTTP library with thread-safe connection pooling and file post
|
|
|
3ae537 |
%{?python_provide:%python_provide python2-%{srcname}}
|
|
|
3ae537 |
|
|
|
3ae537 |
Requires: ca-certificates
|
|
|
3ae537 |
|
|
|
3ae537 |
# Previously bundled things:
|
|
|
3ae537 |
Requires: python2-six
|
|
|
3ae537 |
Requires: python2-backports-ssl_match_hostname
|
|
|
3ae537 |
|
|
|
3ae537 |
# Secure extra requirements
|
|
|
3ae537 |
Requires: python2-ipaddress
|
|
|
3ae537 |
Requires: python2-pysocks
|
|
|
3ae537 |
|
|
|
3ae537 |
BuildRequires: python2-devel
|
|
|
3ae537 |
|
|
|
3ae537 |
# For tests
|
|
|
3ae537 |
BuildRequires: python2-pytest
|
|
|
3ae537 |
BuildRequires: python2-mock
|
|
|
3ae537 |
BuildRequires: python2-pysocks
|
|
|
3ae537 |
BuildRequires: python2-backports-ssl_match_hostname
|
|
|
3ae537 |
|
|
|
3ae537 |
%description -n python2-%{srcname}
|
|
|
3ae537 |
Python2 HTTP module with connection pooling and file POST abilities.
|
|
|
3ae537 |
|
|
|
3ae537 |
|
|
|
3ae537 |
%if %{with python3}
|
|
|
3ae537 |
%package -n python3-%{srcname}
|
|
|
3ae537 |
Summary: Python3 HTTP library with thread-safe connection pooling and file post
|
|
|
3ae537 |
|
|
|
3ae537 |
BuildRequires: python3-devel
|
|
|
3ae537 |
# For unittests
|
|
|
3ae537 |
BuildRequires: python3-mock
|
|
|
3ae537 |
BuildRequires: python3-six
|
|
|
3ae537 |
BuildRequires: python3-pysocks
|
|
|
3ae537 |
BuildRequires: python3-pytest
|
|
|
3ae537 |
|
|
|
3ae537 |
Requires: ca-certificates
|
|
|
3ae537 |
Requires: python3-six
|
|
|
3ae537 |
Requires: python3-pysocks
|
|
|
3ae537 |
|
|
|
3ae537 |
%description -n python3-%{srcname}
|
|
|
3ae537 |
Python3 HTTP module with connection pooling and file POST abilities.
|
|
|
3ae537 |
|
|
|
3ae537 |
%endif
|
|
|
3ae537 |
|
|
|
3ae537 |
%prep
|
|
|
3ae537 |
%setup -q -n %{srcname}-%{version}
|
|
|
3ae537 |
|
|
|
3ae537 |
%patch1 -p1
|
|
|
3ae537 |
|
|
|
3ae537 |
# Drop the dummyserver tests in koji.
|
|
|
3ae537 |
# These require tornado, a Web framework otherwise unused in the distro.
|
|
|
3ae537 |
rm -rf test/with_dummyserver/
|
|
|
3ae537 |
rm -rf test/test_connectionpool.py
|
|
|
3ae537 |
rm -rf dummyserver/
|
|
|
3ae537 |
# Don't run the Google App Engine tests
|
|
|
3ae537 |
rm -rf test/appengine/
|
|
|
3ae537 |
# Lots of these tests started failing, even for old versions, so it has something
|
|
|
3ae537 |
# to do with Fedora in particular. They don't fail in upstream build infrastructure
|
|
|
3ae537 |
rm -rf test/contrib/
|
|
|
3ae537 |
|
|
|
3ae537 |
# Tests for Python built without SSL, but RHEL builds with SSL. These tests
|
|
|
3ae537 |
# fail when combined with the unbundling of backports-ssl_match_hostname
|
|
|
3ae537 |
rm -f test/test_no_ssl.py
|
|
|
3ae537 |
|
|
|
3ae537 |
%build
|
|
|
3ae537 |
%py2_build
|
|
|
3ae537 |
%if %{with python3}
|
|
|
3ae537 |
%py3_build
|
|
|
3ae537 |
%endif
|
|
|
3ae537 |
|
|
|
3ae537 |
|
|
|
3ae537 |
%install
|
|
|
3ae537 |
%py2_install
|
|
|
3ae537 |
%if %{with python3}
|
|
|
3ae537 |
%py3_install
|
|
|
3ae537 |
%endif
|
|
|
3ae537 |
|
|
|
3ae537 |
# Unbundle the Python 2 build
|
|
|
3ae537 |
rm -rf %{buildroot}/%{python2_sitelib}/urllib3/packages/six.py*
|
|
|
3ae537 |
rm -rf %{buildroot}/%{python2_sitelib}/urllib3/packages/ssl_match_hostname/
|
|
|
3ae537 |
|
|
|
3ae537 |
mkdir -p %{buildroot}/%{python2_sitelib}/urllib3/packages/
|
|
|
3ae537 |
ln -s %{python2_sitelib}/six.py %{buildroot}/%{python2_sitelib}/urllib3/packages/six.py
|
|
|
3ae537 |
ln -s %{python2_sitelib}/six.pyc %{buildroot}/%{python2_sitelib}/urllib3/packages/six.pyc
|
|
|
3ae537 |
ln -s %{python2_sitelib}/six.pyo %{buildroot}/%{python2_sitelib}/urllib3/packages/six.pyo
|
|
|
3ae537 |
|
|
|
3ae537 |
ln -s %{python2_sitelib}/backports/ssl_match_hostname %{buildroot}/%{python2_sitelib}/urllib3/packages/ssl_match_hostname
|
|
|
3ae537 |
|
|
|
3ae537 |
%if %{with python3}
|
|
|
3ae537 |
# Unbundle the Python 3 build
|
|
|
3ae537 |
rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/six.py*
|
|
|
3ae537 |
rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/six*
|
|
|
3ae537 |
rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/ssl_match_hostname/
|
|
|
3ae537 |
|
|
|
3ae537 |
mkdir -p %{buildroot}/%{python3_sitelib}/urllib3/packages/
|
|
|
3ae537 |
ln -s %{python3_sitelib}/six.py \
|
|
|
3ae537 |
%{buildroot}/%{python3_sitelib}/urllib3/packages/six.py
|
|
|
3ae537 |
ln -s %{python3_sitelib}/__pycache__/six.cpython-%{python3_version_nodots}.opt-1.pyc \
|
|
|
3ae537 |
%{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/
|
|
|
3ae537 |
ln -s %{python3_sitelib}/__pycache__/six.cpython-%{python3_version_nodots}.pyc \
|
|
|
3ae537 |
%{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/
|
|
|
3ae537 |
# urllib3 requires Python 3.5 to use the standard library's match_hostname,
|
|
|
3ae537 |
# which we ship in RHEL8, so we can safely replace the bundled version with
|
|
|
3ae537 |
# this stub which imports the necessary objects.
|
|
|
3ae537 |
cp %{SOURCE1} %{buildroot}/%{python3_sitelib}/urllib3/packages/ssl_match_hostname.py
|
|
|
3ae537 |
%endif
|
|
|
3ae537 |
|
|
|
3ae537 |
%check
|
|
|
3ae537 |
pushd test
|
|
|
3ae537 |
PYTHONPATH=%{buildroot}%{python2_sitelib}:%{python2_sitelib} %{__python2} -m pytest -v
|
|
|
3ae537 |
popd
|
|
|
3ae537 |
%if %{with python3}
|
|
|
3ae537 |
py.test-3
|
|
|
3ae537 |
%endif
|
|
|
3ae537 |
|
|
|
3ae537 |
%files -n python2-%{srcname}
|
|
|
3ae537 |
%license LICENSE.txt
|
|
|
3ae537 |
%doc CHANGES.rst README.rst CONTRIBUTORS.txt
|
|
|
3ae537 |
%{python2_sitelib}/urllib3/
|
|
|
3ae537 |
%{python2_sitelib}/urllib3-*.egg-info
|
|
|
3ae537 |
|
|
|
3ae537 |
|
|
|
3ae537 |
%if %{with python3}
|
|
|
3ae537 |
%files -n python3-%{srcname}
|
|
|
3ae537 |
%license LICENSE.txt
|
|
|
3ae537 |
%doc CHANGES.rst README.rst CONTRIBUTORS.txt
|
|
|
3ae537 |
%{python3_sitelib}/urllib3/
|
|
|
3ae537 |
%{python3_sitelib}/urllib3-*.egg-info
|
|
|
3ae537 |
%endif
|
|
|
3ae537 |
|
|
|
3ae537 |
|
|
|
3ae537 |
%changelog
|
|
|
3ae537 |
* Fri May 03 2019 Tomas Orsava <torsava@redhat.com> - 1.24.2-1
|
|
|
3ae537 |
- Rebased to 1.24.2 to fix CVE-2019-11324
|
|
|
3ae537 |
- Added patches for CVE-2019-11236 (AKA CVE-2019-9740)
|
|
|
3ae537 |
- Resolves: rhbz#1706765 rhbz#1706762
|
|
|
3ae537 |
|
|
|
3ae537 |
* Thu Apr 25 2019 Tomas Orsava <torsava@redhat.com> - 1.23-7
|
|
|
3ae537 |
- Bumping due to problems with modular RPM upgrade path
|
|
|
3ae537 |
- Resolves: rhbz#1695587
|
|
|
3ae537 |
|
|
|
3ae537 |
* Tue Jul 31 2018 Lumír Balhar <lbalhar@redhat.com> - 1.23-6
|
|
|
3ae537 |
- Make possible to disable python3 subpackage
|
|
|
3ae537 |
|
|
|
3ae537 |
* Mon Jul 16 2018 Lumír Balhar <lbalhar@redhat.com> - 1.23-5
|
|
|
3ae537 |
- First version for python27 module
|