0001-cancel-require-pyparsing-version-limit.patch

@@ -1,33 +0,0 @@
-From 217b969872938cb021e914c202b8e09cf639c202 Mon Sep 17 00:00:00 2001
-From: bzg1107 <preloyalwhite@163.com>
-Date: Tue, 4 Jan 2022 16:02:44 +0800
-Subject: [PATCH] cancel require pyparsing version limit
-
----
- python3/httplib2/auth.py | 2 +-
- requirements.txt         | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/python3/httplib2/auth.py b/python3/httplib2/auth.py
-index 516fdaa..9d9d7ed 100644
---- a/python3/httplib2/auth.py
-+++ b/python3/httplib2/auth.py
-@@ -15,7 +15,7 @@ token = pp.Word(tchar).setName("token")
- token68 = pp.Combine(pp.Word("-._~+/" + pp.nums + pp.alphas) + pp.ZeroOrMore("=")).setName("token68")
- 
- quoted_string = pp.dblQuotedString.copy().setName("quoted-string").setParseAction(unquote)
--auth_param_name = token.copy().setName("auth-param-name").addParseAction(pp.downcaseTokens)
-+auth_param_name = token.copy().setName("auth-param-name").addParseAction(pp.pyparsing_common.downcase_tokens)
- auth_param = auth_param_name + pp.Suppress("=") + (token ^ quoted_string)
- params = pp.Dict(pp.delimitedList(pp.Group(auth_param)))
- 
-diff --git a/requirements.txt b/requirements.txt
-index 4ebe545..bc8d448 100644
---- a/requirements.txt
-+++ b/requirements.txt
-@@ -1 +1 @@
--pyparsing>=2.4.2,<3 # TODO include v3 after dropping Python2 support
-+pyparsing>=2.4.2 # TODO include v3 after dropping Python2 support
--- 
-2.30.0
-

CVE-2020-11078.patch

@@ -0,0 +1,46 @@
+From a1457cc31f3206cf691d11d2bf34e98865873e9e Mon Sep 17 00:00:00 2001
+From: Sergey Shepelev <temotor@gmail.com>
+Date: Wed, 20 May 2020 14:56:12 +0300
+Subject: [PATCH] IMPORTANT security vulnerability CWE-93 CRLF injection
+
+Force %xx quote of space, CR, LF characters in uri.
+
+Special thanks to Recar https://github.com/Ciyfly for discrete notification.
+
+https://cwe.mitre.org/data/definitions/93.html
+---
+ python2/httplib2/__init__.py |  3 +++
+ python3/httplib2/__init__.py |  3 +++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/python2/httplib2/__init__.py b/python2/httplib2/__init__.py
+index 97e06c1..34281b7 100644
+--- a/python2/httplib2/__init__.py
++++ b/python2/httplib2/__init__.py
+@@ -1985,6 +1985,9 @@ class Http(object):
+                 headers["user-agent"] = "Python-httplib2/%s (gzip)" % __version__
+ 
+             uri = iri2uri(uri)
++            # Prevent CWE-75 space injection to manipulate request via part of uri.
++            # Prevent CWE-93 CRLF injection to modify headers via part of uri.
++            uri = uri.replace(" ", "%20").replace("\r", "%0D").replace("\n", "%0A")
+ 
+             (scheme, authority, request_uri, defrag_uri) = urlnorm(uri)
+ 
+diff --git a/python3/httplib2/__init__.py b/python3/httplib2/__init__.py
+index 8785cc1..c0b1418 100644
+--- a/python3/httplib2/__init__.py
++++ b/python3/httplib2/__init__.py
+@@ -1790,6 +1790,9 @@ a string that contains the response entity body.
+                 headers["user-agent"] = "Python-httplib2/%s (gzip)" % __version__
+ 
+             uri = iri2uri(uri)
++            # Prevent CWE-75 space injection to manipulate request via part of uri.
++            # Prevent CWE-93 CRLF injection to modify headers via part of uri.
++            uri = uri.replace(" ", "%20").replace("\r", "%0D").replace("\n", "%0A")
+ 
+             (scheme, authority, request_uri, defrag_uri) = urlnorm(uri)
+ 
+-- 
+2.23.0
+

Use-mock-from-the-standard-library.patch

@@ -1,93 +0,0 @@
-From f88fe0a1142f71215fea95be9900eaecb546f7b5 Mon Sep 17 00:00:00 2001
-From: Pavel Cahyna <pcahyna@redhat.com>
-Date: Wed, 3 Mar 2021 22:07:25 +0100
-Subject: [PATCH] Use mock from the standard library
-
-Since Python 3.3, mock is part of unittest in the standard library.
-
-Provide compatibility for older versions, since httplib2 seems to still
-support Python2.
----
- requirements-test.txt          | 2 +-
- tests/test_cacerts_from_env.py | 5 ++++-
- tests/test_http.py             | 5 ++++-
- tests/test_other.py            | 5 ++++-
- tests/test_proxy.py            | 5 ++++-
- 5 files changed, 17 insertions(+), 5 deletions(-)
-
-diff --git a/requirements-test.txt b/requirements-test.txt
-index d208a8f..623875e 100644
---- a/requirements-test.txt
-+++ b/requirements-test.txt
-@@ -1,6 +1,6 @@
- flake8==3.4.1
- future==0.16.0
--mock==2.0.0
-+mock==2.0.0;python_version<"3.3"
- pytest-cov==2.5.1
- pytest-forked==0.2
- pytest-randomly==1.2.1
-diff --git a/tests/test_cacerts_from_env.py b/tests/test_cacerts_from_env.py
-index cb2bd9f..f04ba0e 100644
---- a/tests/test_cacerts_from_env.py
-+++ b/tests/test_cacerts_from_env.py
-@@ -1,6 +1,9 @@
- import os
- import sys
--import mock
-+try:
-+    from unittest import mock
-+except ImportError:
-+    import mock
- import pytest
- import tempfile
- import httplib2
-diff --git a/tests/test_http.py b/tests/test_http.py
-index f61992c..65bac01 100644
---- a/tests/test_http.py
-+++ b/tests/test_http.py
-@@ -5,7 +5,10 @@ from __future__ import print_function
- import email.utils
- import errno
- import httplib2
--import mock
-+try:
-+    from unittest import mock
-+except ImportError:
-+    import mock
- import os
- import pytest
- from six.moves import http_client, urllib
-diff --git a/tests/test_other.py b/tests/test_other.py
-index 0f450ab..6b902b9 100644
---- a/tests/test_other.py
-+++ b/tests/test_other.py
-@@ -1,5 +1,8 @@
- import httplib2
--import mock
-+try:
-+    from unittest import mock
-+except ImportError:
-+    import mock
- import os
- import pickle
- import pytest
-diff --git a/tests/test_proxy.py b/tests/test_proxy.py
-index edafe01..556b448 100644
---- a/tests/test_proxy.py
-+++ b/tests/test_proxy.py
-@@ -9,7 +9,10 @@ from __future__ import division
- from __future__ import print_function
- 
- import httplib2
--import mock
-+try:
-+    from unittest import mock
-+except ImportError:
-+    import mock
- import os
- import pytest
- import socket
--- 
-2.27.0
-

python-httplib2.spec

@@ -1,12 +1,12 @@
 Name:           python-httplib2
-Version:        0.19.0
+Version:        0.13.1
-Release:        5
+Release:        6
 Summary:        Small, fast HTTP client library for Python.
 License:        MIT
-URL:            https://github.com/httplib2/httplib2
+URL:	        https://github.com/httplib2/httplib2
-Source0:        https://files.pythonhosted.org/packages/ed/ef/f0e05d5886a9c25dea4b18be06cd7bcaddbae0168cc576f3568f9bd6a35a/httplib2-0.19.0.tar.gz
+Source0:        https://files.pythonhosted.org/packages/78/23/bb9606e87a66fd8c72a2b1a75b049d3859a122bc2648915be845bc44e04f/httplib2-0.13.1.tar.gz
-Patch0:		0001-cancel-require-pyparsing-version-limit.patch
+Patch0001:      CVE-2020-11078.patch
-Patch1:		Use-mock-from-the-standard-library.patch
+
 %if 0%{?with_python3}
 BuildRequires:  python3-setuptools python3-devel
 %endif 
@@ -20,13 +20,11 @@ features left out of other HTTP libraries.
 %if 0%{?with_python3}
 %package     -n python3-httplib2
 Summary:        Small, fast HTTP client library for Python.
-%{?python_provide:%python_provide python3-httplib2}
 
 %description -n python3-httplib2
 Small, fast HTTP client library for Python.
 %endif 
 
-
 %prep
 %autosetup -n httplib2-%{version} -p1
 
@@ -57,21 +55,6 @@ popd
 %endif
 
 %changelog
-* Thu Dec 28 fandehui <fandehui@xfusion.com> - 0.19.0-5
-- Use mock from the standard library
-
-* Mon Jan 9 2022 baizhonggui <baizhonggui@huawei.com> - 0.19.0-4
-- support newst pyparsing syntax
-
-* Sat Jan 8 2022 baizhonggui <baizhonggui@huawei.com> - 0.19.0-3
-- fix require pyparsing version limit
-
-* Wed Mar 31 2021 zhangjiapeng <zhangjiapeng9@huawei.com> - 0.19.0-2
-- python3-httplib2 provides python-httplib2
-
-* Tue Mar 2 2021 zhanghua <zhanghua40@huawei.com> - 0.19.0-1
-- update to 0.19.0 to fix CVE-2021-21240
-
 * Wed Oct 21 2020 leiju <leiju4@huawei.com> - 0.13.1-6
 - remove python2 subpackage