!32 fix CVE-2022-36087

From: @zhuofeng6 
Reviewed-by: @xiezhipeng1 
Signed-off-by: @xiezhipeng1

backport-Add-check-of-performance-of-ipv6-check.patch

@@ -0,0 +1,28 @@
+From e514826eea15f2b62bbc13da407b71552ef5ff4c Mon Sep 17 00:00:00 2001
+From: Jonathan Huot <jonathan.huot@gmail.com>
+Date: Fri, 2 Sep 2022 23:22:17 +0200
+Subject: [PATCH] Add check of performance of ipv6 check
+
+---
+ tests/test_uri_validate.py | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/tests/test_uri_validate.py b/tests/test_uri_validate.py
+index 3489d95..1ef8b1f 100644
+--- a/tests/test_uri_validate.py
++++ b/tests/test_uri_validate.py
+@@ -31,3 +31,11 @@ class UriValidateTest(TestCase):
+         self.assertIsNone(is_absolute_uri('wrong'))
+         self.assertIsNone(is_absolute_uri('http://[:1]:38432/path'))
+         self.assertIsNone(is_absolute_uri('http://[abcd:efgh::1]/'))
++
++    def test_recursive_regex(self):
++        from datetime import datetime
++        t0 = datetime.now()
++        self.assertIsNone(is_absolute_uri('http://[::::::::::::::::::::::::::]/path'))
++        t1 = datetime.now()
++        spent = t1 - t0
++        self.assertGreater(0.1, spent.total_seconds(), "possible recursive loop detected")
+-- 
+2.33.0
+

backport-CVE-2022-36087.patch

@@ -0,0 +1,115 @@
+From 5d85c61998692643dd9d17e05d2646e06ce391e8 Mon Sep 17 00:00:00 2001
+From: Jonathan Huot <jonathan.huot@gmail.com>
+Date: Tue, 6 Sep 2022 21:56:40 +0200
+Subject: [PATCH] Fix IPV6 regex used to check redirect_uri
+
+---
+ oauthlib/uri_validate.py   |  2 +-
+ tests/test_uri_validate.py | 51 +++++++++++++++++++++++++++++++++++---
+ 2 files changed, 48 insertions(+), 5 deletions(-)
+
+diff --git a/oauthlib/uri_validate.py b/oauthlib/uri_validate.py
+index 8a6d9c2..a6fe0fb 100644
+--- a/oauthlib/uri_validate.py
++++ b/oauthlib/uri_validate.py
+@@ -66,7 +66,7 @@ IPv4address = r"%(dec_octet)s \. %(dec_octet)s \. %(dec_octet)s \. %(dec_octet)s
+ )
+ 
+ #   IPv6address
+-IPv6address = r"([A-Fa-f0-9:]+:+)+[A-Fa-f0-9]+"
++IPv6address = r"([A-Fa-f0-9:]+[:$])[A-Fa-f0-9]{1,4}"
+ 
+ #   IPvFuture     = "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" )
+ IPvFuture = r"v %(HEXDIG)s+ \. (?: %(unreserved)s | %(sub_delims)s | : )+" % locals()
+diff --git a/tests/test_uri_validate.py b/tests/test_uri_validate.py
+index 1ef8b1f..6a9f8ea 100644
+--- a/tests/test_uri_validate.py
++++ b/tests/test_uri_validate.py
+@@ -1,4 +1,4 @@
+-import oauthlib
++import unittest
+ from oauthlib.uri_validate import is_absolute_uri
+ 
+ from tests.unittest import TestCase
+@@ -7,7 +7,6 @@ from tests.unittest import TestCase
+ class UriValidateTest(TestCase):
+ 
+     def test_is_absolute_uri(self):
+-
+         self.assertIsNotNone(is_absolute_uri('schema://example.com/path'))
+         self.assertIsNotNone(is_absolute_uri('https://example.com/path'))
+         self.assertIsNotNone(is_absolute_uri('https://example.com'))
+@@ -17,16 +16,60 @@ class UriValidateTest(TestCase):
+         self.assertIsNotNone(is_absolute_uri('http://example.com'))
+         self.assertIsNotNone(is_absolute_uri('http://example.com/path'))
+         self.assertIsNotNone(is_absolute_uri('http://example.com:80/path'))
+-        self.assertIsNotNone(is_absolute_uri('com.example.bundle.id:/'))
++
++    def test_query(self):
++        self.assertIsNotNone(is_absolute_uri('http://example.com:80/path?foo'))
++        self.assertIsNotNone(is_absolute_uri('http://example.com:80/path?foo=bar'))
++        self.assertIsNotNone(is_absolute_uri('http://example.com:80/path?foo=bar&fruit=banana'))
++
++    def test_fragment_forbidden(self):
++        self.assertIsNone(is_absolute_uri('http://example.com:80/path#foo'))
++        self.assertIsNone(is_absolute_uri('http://example.com:80/path#foo=bar'))
++        self.assertIsNone(is_absolute_uri('http://example.com:80/path#foo=bar&fruit=banana'))
++
++    def test_combined_forbidden(self):
++        self.assertIsNone(is_absolute_uri('http://example.com:80/path?foo#bar'))
++        self.assertIsNone(is_absolute_uri('http://example.com:80/path?foo&bar#fruit'))
++        self.assertIsNone(is_absolute_uri('http://example.com:80/path?foo=1&bar#fruit=banana'))
++        self.assertIsNone(is_absolute_uri('http://example.com:80/path?foo=1&bar=2#fruit=banana&bar=foo'))
++
++    def test_custom_scheme(self):
++        self.assertIsNotNone(is_absolute_uri('com.example.bundle.id://'))
++
++    def test_ipv6_bracket(self):
+         self.assertIsNotNone(is_absolute_uri('http://[::1]:38432/path'))
+         self.assertIsNotNone(is_absolute_uri('http://[::1]/path'))
+         self.assertIsNotNone(is_absolute_uri('http://[fd01:0001::1]/path'))
+         self.assertIsNotNone(is_absolute_uri('http://[fd01:1::1]/path'))
+         self.assertIsNotNone(is_absolute_uri('http://[0123:4567:89ab:cdef:0123:4567:89ab:cdef]/path'))
++        self.assertIsNotNone(is_absolute_uri('http://[0123:4567:89ab:cdef:0123:4567:89ab:cdef]:8080/path'))
++
++    @unittest.skip("ipv6 edge-cases not supported")
++    def test_ipv6_edge_cases(self):
++        self.assertIsNotNone(is_absolute_uri('http://2001:db8::'))
++        self.assertIsNotNone(is_absolute_uri('http://::1234:5678'))
++        self.assertIsNotNone(is_absolute_uri('http://2001:db8::1234:5678'))
++        self.assertIsNotNone(is_absolute_uri('http://2001:db8:3333:4444:5555:6666:7777:8888'))
++        self.assertIsNotNone(is_absolute_uri('http://2001:db8:3333:4444:CCCC:DDDD:EEEE:FFFF'))
++        self.assertIsNotNone(is_absolute_uri('http://0123:4567:89ab:cdef:0123:4567:89ab:cdef/path'))
++        self.assertIsNotNone(is_absolute_uri('http://::'))
++        self.assertIsNotNone(is_absolute_uri('http://2001:0db8:0001:0000:0000:0ab9:C0A8:0102'))
++
++    @unittest.skip("ipv6 dual ipv4 not supported")
++    def test_ipv6_dual(self):
++        self.assertIsNotNone(is_absolute_uri('http://2001:db8:3333:4444:5555:6666:1.2.3.4'))
++        self.assertIsNotNone(is_absolute_uri('http://::11.22.33.44'))
++        self.assertIsNotNone(is_absolute_uri('http://2001:db8::123.123.123.123'))
++        self.assertIsNotNone(is_absolute_uri('http://::1234:5678:91.123.4.56'))
++        self.assertIsNotNone(is_absolute_uri('http://::1234:5678:1.2.3.4'))
++        self.assertIsNotNone(is_absolute_uri('http://2001:db8::1234:5678:5.6.7.8'))
++
++    def test_ipv4(self):
+         self.assertIsNotNone(is_absolute_uri('http://127.0.0.1:38432/'))
+         self.assertIsNotNone(is_absolute_uri('http://127.0.0.1:38432/'))
+         self.assertIsNotNone(is_absolute_uri('http://127.1:38432/'))
+ 
++    def test_failures(self):
+         self.assertIsNone(is_absolute_uri('http://example.com:notaport/path'))
+         self.assertIsNone(is_absolute_uri('wrong'))
+         self.assertIsNone(is_absolute_uri('http://[:1]:38432/path'))
+@@ -35,7 +78,7 @@ class UriValidateTest(TestCase):
+     def test_recursive_regex(self):
+         from datetime import datetime
+         t0 = datetime.now()
+-        self.assertIsNone(is_absolute_uri('http://[::::::::::::::::::::::::::]/path'))
++        is_absolute_uri('http://[::::::::::::::::::::::::::]/path')
+         t1 = datetime.now()
+         spent = t1 - t0
+         self.assertGreater(0.1, spent.total_seconds(), "possible recursive loop detected")
+-- 
+2.33.0
+

backport-Use-unittest.mock-instead-of-external-mock.patch.patch

@@ -0,0 +1,519 @@
+From: Daniele Tricoli <eriol@debian.org>
+Date: Wed, 17 Jun 2020 01:58:02 +0200
+Subject: Use unittest.mock instead of external mock
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Backport of upstream fix made by Michał Górny.
+
+See https://github.com/oauthlib/oauthlib/commit/d4716eb95e9590bb47381a64cda1d57bad8dd907
+---
+ tests/oauth1/rfc5849/endpoints/test_access_token.py                     | 2 +-
+ tests/oauth1/rfc5849/endpoints/test_authorization.py                    | 2 +-
+ tests/oauth1/rfc5849/endpoints/test_base.py                             | 2 +-
+ tests/oauth1/rfc5849/endpoints/test_request_token.py                    | 2 +-
+ tests/oauth1/rfc5849/endpoints/test_resource.py                         | 2 +-
+ tests/oauth1/rfc5849/endpoints/test_signature_only.py                   | 2 +-
+ tests/oauth2/rfc6749/clients/test_backend_application.py                | 2 +-
+ tests/oauth2/rfc6749/clients/test_legacy_application.py                 | 2 +-
+ tests/oauth2/rfc6749/clients/test_mobile_application.py                 | 2 +-
+ tests/oauth2/rfc6749/clients/test_service_application.py                | 2 +-
+ tests/oauth2/rfc6749/clients/test_web_application.py                    | 2 +-
+ tests/oauth2/rfc6749/endpoints/test_client_authentication.py            | 2 +-
+ tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py         | 2 +-
+ tests/oauth2/rfc6749/endpoints/test_error_responses.py                  | 2 +-
+ tests/oauth2/rfc6749/endpoints/test_extra_credentials.py                | 2 +-
+ tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py              | 2 +-
+ tests/oauth2/rfc6749/endpoints/test_resource_owner_association.py       | 2 +-
+ tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py              | 2 +-
+ tests/oauth2/rfc6749/endpoints/test_scope_handling.py                   | 2 +-
+ tests/oauth2/rfc6749/grant_types/test_authorization_code.py             | 2 +-
+ tests/oauth2/rfc6749/grant_types/test_client_credentials.py             | 2 +-
+ tests/oauth2/rfc6749/grant_types/test_implicit.py                       | 2 +-
+ tests/oauth2/rfc6749/grant_types/test_refresh_token.py                  | 2 +-
+ tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py        | 2 +-
+ tests/oauth2/rfc6749/test_parameters.py                                 | 2 +-
+ tests/oauth2/rfc6749/test_server.py                                     | 2 +-
+ tests/oauth2/rfc6749/test_tokens.py                                     | 2 +-
+ tests/openid/connect/core/endpoints/test_claims_handling.py             | 2 +-
+ .../connect/core/endpoints/test_openid_connect_params_handling.py       | 2 +-
+ tests/openid/connect/core/endpoints/test_userinfo_endpoint.py           | 2 +-
+ tests/openid/connect/core/grant_types/test_authorization_code.py        | 2 +-
+ tests/openid/connect/core/grant_types/test_base.py                      | 2 +-
+ tests/openid/connect/core/grant_types/test_dispatchers.py               | 2 +-
+ tests/openid/connect/core/grant_types/test_hybrid.py                    | 2 +-
+ tests/openid/connect/core/grant_types/test_implicit.py                  | 2 +-
+ tests/openid/connect/core/test_server.py                                | 2 +-
+ tests/openid/connect/core/test_tokens.py                                | 2 +-
+ 37 files changed, 37 insertions(+), 37 deletions(-)
+
+diff --git a/tests/oauth1/rfc5849/endpoints/test_access_token.py b/tests/oauth1/rfc5849/endpoints/test_access_token.py
+index 3499fdb..bc27831 100644
+--- a/tests/oauth1/rfc5849/endpoints/test_access_token.py
++++ b/tests/oauth1/rfc5849/endpoints/test_access_token.py
+@@ -1,6 +1,6 @@
+ from __future__ import absolute_import, unicode_literals
+ 
+-from mock import ANY, MagicMock
++from unittest.mock import ANY, MagicMock
+ 
+ from oauthlib.oauth1 import RequestValidator
+ from oauthlib.oauth1.rfc5849 import Client
+diff --git a/tests/oauth1/rfc5849/endpoints/test_authorization.py b/tests/oauth1/rfc5849/endpoints/test_authorization.py
+index e9d3604..5cbebb6 100644
+--- a/tests/oauth1/rfc5849/endpoints/test_authorization.py
++++ b/tests/oauth1/rfc5849/endpoints/test_authorization.py
+@@ -1,6 +1,6 @@
+ from __future__ import absolute_import, unicode_literals
+ 
+-from mock import MagicMock
++from unittest.mock import MagicMock
+ 
+ from oauthlib.oauth1 import RequestValidator
+ from oauthlib.oauth1.rfc5849 import errors
+diff --git a/tests/oauth1/rfc5849/endpoints/test_base.py b/tests/oauth1/rfc5849/endpoints/test_base.py
+index 795ddee..24d1ffb 100644
+--- a/tests/oauth1/rfc5849/endpoints/test_base.py
++++ b/tests/oauth1/rfc5849/endpoints/test_base.py
+@@ -2,7 +2,7 @@ from __future__ import absolute_import, unicode_literals
+ 
+ from re import sub
+ 
+-from mock import MagicMock
++from unittest.mock import MagicMock
+ 
+ from oauthlib.common import CaseInsensitiveDict, safe_string_equals
+ from oauthlib.oauth1 import Client, RequestValidator
+diff --git a/tests/oauth1/rfc5849/endpoints/test_request_token.py b/tests/oauth1/rfc5849/endpoints/test_request_token.py
+index 5c9ae88..3764528 100644
+--- a/tests/oauth1/rfc5849/endpoints/test_request_token.py
++++ b/tests/oauth1/rfc5849/endpoints/test_request_token.py
+@@ -1,6 +1,6 @@
+ from __future__ import absolute_import, unicode_literals
+ 
+-from mock import ANY, MagicMock
++from unittest.mock import ANY, MagicMock
+ 
+ from oauthlib.oauth1 import RequestValidator
+ from oauthlib.oauth1.rfc5849 import Client
+diff --git a/tests/oauth1/rfc5849/endpoints/test_resource.py b/tests/oauth1/rfc5849/endpoints/test_resource.py
+index b71412a..9fd5422 100644
+--- a/tests/oauth1/rfc5849/endpoints/test_resource.py
++++ b/tests/oauth1/rfc5849/endpoints/test_resource.py
+@@ -1,6 +1,6 @@
+ from __future__ import absolute_import, unicode_literals
+ 
+-from mock import ANY, MagicMock
++from unittest.mock import ANY, MagicMock
+ 
+ from oauthlib.oauth1 import RequestValidator
+ from oauthlib.oauth1.rfc5849 import Client
+diff --git a/tests/oauth1/rfc5849/endpoints/test_signature_only.py b/tests/oauth1/rfc5849/endpoints/test_signature_only.py
+index 1d758b1..4c2c04b 100644
+--- a/tests/oauth1/rfc5849/endpoints/test_signature_only.py
++++ b/tests/oauth1/rfc5849/endpoints/test_signature_only.py
+@@ -1,6 +1,6 @@
+ from __future__ import absolute_import, unicode_literals
+ 
+-from mock import ANY, MagicMock
++from unittest.mock import ANY, MagicMock
+ 
+ from oauthlib.oauth1 import RequestValidator
+ from oauthlib.oauth1.rfc5849 import Client
+diff --git a/tests/oauth2/rfc6749/clients/test_backend_application.py b/tests/oauth2/rfc6749/clients/test_backend_application.py
+index aa2ba2b..0ae92a5 100644
+--- a/tests/oauth2/rfc6749/clients/test_backend_application.py
++++ b/tests/oauth2/rfc6749/clients/test_backend_application.py
+@@ -3,7 +3,7 @@ from __future__ import absolute_import, unicode_literals
+ 
+ import os
+ 
+-from mock import patch
++from unittest.mock import patch
+ 
+ from oauthlib import signals
+ from oauthlib.oauth2 import BackendApplicationClient
+diff --git a/tests/oauth2/rfc6749/clients/test_legacy_application.py b/tests/oauth2/rfc6749/clients/test_legacy_application.py
+index 21af4a3..eeaa990 100644
+--- a/tests/oauth2/rfc6749/clients/test_legacy_application.py
++++ b/tests/oauth2/rfc6749/clients/test_legacy_application.py
+@@ -3,7 +3,7 @@ from __future__ import absolute_import, unicode_literals
+ 
+ import os
+ 
+-from mock import patch
++from unittest.mock import patch
+ 
+ from oauthlib import signals
+ from oauthlib.oauth2 import LegacyApplicationClient
+diff --git a/tests/oauth2/rfc6749/clients/test_mobile_application.py b/tests/oauth2/rfc6749/clients/test_mobile_application.py
+index 622b275..7595ce9 100644
+--- a/tests/oauth2/rfc6749/clients/test_mobile_application.py
++++ b/tests/oauth2/rfc6749/clients/test_mobile_application.py
+@@ -3,7 +3,7 @@ from __future__ import absolute_import, unicode_literals
+ 
+ import os
+ 
+-from mock import patch
++from unittest.mock import patch
+ 
+ from oauthlib import signals
+ from oauthlib.oauth2 import MobileApplicationClient
+diff --git a/tests/oauth2/rfc6749/clients/test_service_application.py b/tests/oauth2/rfc6749/clients/test_service_application.py
+index dc337cf..ceb48f2 100644
+--- a/tests/oauth2/rfc6749/clients/test_service_application.py
++++ b/tests/oauth2/rfc6749/clients/test_service_application.py
+@@ -5,7 +5,7 @@ import os
+ from time import time
+ 
+ import jwt
+-from mock import patch
++from unittest.mock import patch
+ 
+ from oauthlib.common import Request
+ from oauthlib.oauth2 import ServiceApplicationClient
+diff --git a/tests/oauth2/rfc6749/clients/test_web_application.py b/tests/oauth2/rfc6749/clients/test_web_application.py
+index 092f93e..eb6af27 100644
+--- a/tests/oauth2/rfc6749/clients/test_web_application.py
++++ b/tests/oauth2/rfc6749/clients/test_web_application.py
+@@ -5,7 +5,7 @@ import datetime
+ import os
+ import warnings
+ 
+-from mock import patch
++from unittest.mock import patch
+ 
+ from oauthlib import common, signals
+ from oauthlib.oauth2 import (BackendApplicationClient, Client,
+diff --git a/tests/oauth2/rfc6749/endpoints/test_client_authentication.py b/tests/oauth2/rfc6749/endpoints/test_client_authentication.py
+index 133da59..799f510 100644
+--- a/tests/oauth2/rfc6749/endpoints/test_client_authentication.py
++++ b/tests/oauth2/rfc6749/endpoints/test_client_authentication.py
+@@ -13,7 +13,7 @@ from __future__ import absolute_import, unicode_literals
+ 
+ import json
+ 
+-import mock
++from unittest import mock
+ 
+ from oauthlib.oauth2 import (BackendApplicationServer, LegacyApplicationServer,
+                              MobileApplicationServer, RequestValidator,
+diff --git a/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py b/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py
+index e7c66b6..6cd25b2 100644
+--- a/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py
++++ b/tests/oauth2/rfc6749/endpoints/test_credentials_preservation.py
+@@ -7,7 +7,7 @@ from __future__ import absolute_import, unicode_literals
+ 
+ import json
+ 
+-import mock
++from unittest import mock
+ 
+ from oauthlib.oauth2 import (MobileApplicationServer, RequestValidator,
+                              WebApplicationServer)
+diff --git a/tests/oauth2/rfc6749/endpoints/test_error_responses.py b/tests/oauth2/rfc6749/endpoints/test_error_responses.py
+index 2479836..8697e32 100644
+--- a/tests/oauth2/rfc6749/endpoints/test_error_responses.py
++++ b/tests/oauth2/rfc6749/endpoints/test_error_responses.py
+@@ -4,7 +4,7 @@ from __future__ import absolute_import, unicode_literals
+ 
+ import json
+ 
+-import mock
++from unittest import mock
+ 
+ from oauthlib.common import urlencode
+ from oauthlib.oauth2 import (BackendApplicationServer, LegacyApplicationServer,
+diff --git a/tests/oauth2/rfc6749/endpoints/test_extra_credentials.py b/tests/oauth2/rfc6749/endpoints/test_extra_credentials.py
+index a12fcd2..5d78d04 100644
+--- a/tests/oauth2/rfc6749/endpoints/test_extra_credentials.py
++++ b/tests/oauth2/rfc6749/endpoints/test_extra_credentials.py
+@@ -2,7 +2,7 @@
+ """
+ from __future__ import absolute_import, unicode_literals
+ 
+-import mock
++from unittest import mock
+ 
+ from oauthlib.oauth2 import (BackendApplicationServer, LegacyApplicationServer,
+                              MobileApplicationServer, RequestValidator,
+diff --git a/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py b/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py
+index ae3deae..f9827ce 100644
+--- a/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py
++++ b/tests/oauth2/rfc6749/endpoints/test_introspect_endpoint.py
+@@ -3,7 +3,7 @@ from __future__ import absolute_import, unicode_literals
+ 
+ from json import loads
+ 
+-from mock import MagicMock
++from unittest.mock import MagicMock
+ 
+ from oauthlib.common import urlencode
+ from oauthlib.oauth2 import RequestValidator, IntrospectEndpoint
+diff --git a/tests/oauth2/rfc6749/endpoints/test_resource_owner_association.py b/tests/oauth2/rfc6749/endpoints/test_resource_owner_association.py
+index e823286..472330c 100644
+--- a/tests/oauth2/rfc6749/endpoints/test_resource_owner_association.py
++++ b/tests/oauth2/rfc6749/endpoints/test_resource_owner_association.py
+@@ -4,7 +4,7 @@ from __future__ import absolute_import, unicode_literals
+ 
+ import json
+ 
+-import mock
++from unittest import mock
+ 
+ from oauthlib.oauth2 import (BackendApplicationServer, LegacyApplicationServer,
+                              MobileApplicationServer, RequestValidator,
+diff --git a/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py b/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py
+index 17be3a5..aec5acc 100644
+--- a/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py
++++ b/tests/oauth2/rfc6749/endpoints/test_revocation_endpoint.py
+@@ -3,7 +3,7 @@ from __future__ import absolute_import, unicode_literals
+ 
+ from json import loads
+ 
+-from mock import MagicMock
++from unittest.mock import MagicMock
+ 
+ from oauthlib.common import urlencode
+ from oauthlib.oauth2 import RequestValidator, RevocationEndpoint
+diff --git a/tests/oauth2/rfc6749/endpoints/test_scope_handling.py b/tests/oauth2/rfc6749/endpoints/test_scope_handling.py
+index 4f27963..97e00ed 100644
+--- a/tests/oauth2/rfc6749/endpoints/test_scope_handling.py
++++ b/tests/oauth2/rfc6749/endpoints/test_scope_handling.py
+@@ -7,7 +7,7 @@ from __future__ import absolute_import, unicode_literals
+ 
+ import json
+ 
+-import mock
++from unittest import mock
+ 
+ from oauthlib.oauth2 import (BackendApplicationServer, LegacyApplicationServer,
+                              MobileApplicationServer, RequestValidator, Server,
+diff --git a/tests/oauth2/rfc6749/grant_types/test_authorization_code.py b/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
+index 2c9db3c..4b45875 100644
+--- a/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
++++ b/tests/oauth2/rfc6749/grant_types/test_authorization_code.py
+@@ -3,7 +3,7 @@ from __future__ import absolute_import, unicode_literals
+ 
+ import json
+ 
+-import mock
++from unittest import mock
+ 
+ from oauthlib.common import Request
+ from oauthlib.oauth2.rfc6749 import errors
+diff --git a/tests/oauth2/rfc6749/grant_types/test_client_credentials.py b/tests/oauth2/rfc6749/grant_types/test_client_credentials.py
+index edc6bfe..fbd054f 100644
+--- a/tests/oauth2/rfc6749/grant_types/test_client_credentials.py
++++ b/tests/oauth2/rfc6749/grant_types/test_client_credentials.py
+@@ -3,7 +3,7 @@ from __future__ import absolute_import, unicode_literals
+ 
+ import json
+ 
+-import mock
++from unittest import mock
+ 
+ from oauthlib.common import Request
+ from oauthlib.oauth2.rfc6749.grant_types import ClientCredentialsGrant
+diff --git a/tests/oauth2/rfc6749/grant_types/test_implicit.py b/tests/oauth2/rfc6749/grant_types/test_implicit.py
+index 0c18cab..c4bbeda 100644
+--- a/tests/oauth2/rfc6749/grant_types/test_implicit.py
++++ b/tests/oauth2/rfc6749/grant_types/test_implicit.py
+@@ -1,7 +1,7 @@
+ # -*- coding: utf-8 -*-
+ from __future__ import absolute_import, unicode_literals
+ 
+-import mock
++from unittest import mock
+ 
+ from oauthlib.common import Request
+ from oauthlib.oauth2.rfc6749.grant_types import ImplicitGrant
+diff --git a/tests/oauth2/rfc6749/grant_types/test_refresh_token.py b/tests/oauth2/rfc6749/grant_types/test_refresh_token.py
+index 32a0977..ef64c69 100644
+--- a/tests/oauth2/rfc6749/grant_types/test_refresh_token.py
++++ b/tests/oauth2/rfc6749/grant_types/test_refresh_token.py
+@@ -3,7 +3,7 @@ from __future__ import absolute_import, unicode_literals
+ 
+ import json
+ 
+-import mock
++from unittest import mock
+ 
+ from oauthlib.common import Request
+ from oauthlib.oauth2.rfc6749 import errors
+diff --git a/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py b/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py
+index 82e0524..0373e32 100644
+--- a/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py
++++ b/tests/oauth2/rfc6749/grant_types/test_resource_owner_password.py
+@@ -3,7 +3,7 @@ from __future__ import absolute_import, unicode_literals
+ 
+ import json
+ 
+-import mock
++from unittest import mock
+ 
+ from oauthlib.common import Request
+ from oauthlib.oauth2.rfc6749 import errors
+diff --git a/tests/oauth2/rfc6749/test_parameters.py b/tests/oauth2/rfc6749/test_parameters.py
+index 48b7eac..fdbd1df 100644
+--- a/tests/oauth2/rfc6749/test_parameters.py
++++ b/tests/oauth2/rfc6749/test_parameters.py
+@@ -1,6 +1,6 @@
+ from __future__ import absolute_import, unicode_literals
+ 
+-from mock import patch
++from unittest.mock import patch
+ 
+ from oauthlib import signals
+ from oauthlib.oauth2.rfc6749.errors import *
+diff --git a/tests/oauth2/rfc6749/test_server.py b/tests/oauth2/rfc6749/test_server.py
+index 2c6ecff..f966547 100644
+--- a/tests/oauth2/rfc6749/test_server.py
++++ b/tests/oauth2/rfc6749/test_server.py
+@@ -3,7 +3,7 @@ from __future__ import absolute_import, unicode_literals
+ 
+ import json
+ 
+-import mock
++from unittest import mock
+ 
+ from oauthlib import common
+ from oauthlib.oauth2.rfc6749 import errors, tokens
+diff --git a/tests/oauth2/rfc6749/test_tokens.py b/tests/oauth2/rfc6749/test_tokens.py
+index e6f49b1..219486e 100644
+--- a/tests/oauth2/rfc6749/test_tokens.py
++++ b/tests/oauth2/rfc6749/test_tokens.py
+@@ -1,6 +1,6 @@
+ from __future__ import absolute_import, unicode_literals
+ 
+-import mock
++from unittest import mock
+ 
+ from oauthlib.common import Request
+ from oauthlib.oauth2.rfc6749.tokens import (
+diff --git a/tests/openid/connect/core/endpoints/test_claims_handling.py b/tests/openid/connect/core/endpoints/test_claims_handling.py
+index 5f39d96..f86a176 100644
+--- a/tests/openid/connect/core/endpoints/test_claims_handling.py
++++ b/tests/openid/connect/core/endpoints/test_claims_handling.py
+@@ -8,7 +8,7 @@ The claims parameter is an optional query param for the Authorization Request en
+ """
+ from __future__ import absolute_import, unicode_literals
+ 
+-import mock
++from unittest import mock
+ 
+ from oauthlib.openid import RequestValidator
+ from oauthlib.openid.connect.core.endpoints.pre_configured import Server
+diff --git a/tests/openid/connect/core/endpoints/test_openid_connect_params_handling.py b/tests/openid/connect/core/endpoints/test_openid_connect_params_handling.py
+index 517239a..aaedbc2 100644
+--- a/tests/openid/connect/core/endpoints/test_openid_connect_params_handling.py
++++ b/tests/openid/connect/core/endpoints/test_openid_connect_params_handling.py
+@@ -1,6 +1,6 @@
+ from __future__ import absolute_import, unicode_literals
+ 
+-import mock
++from unittest import mock
+ 
+ from oauthlib.oauth2 import InvalidRequestError
+ from oauthlib.oauth2.rfc6749.endpoints.authorization import \
+diff --git a/tests/openid/connect/core/endpoints/test_userinfo_endpoint.py b/tests/openid/connect/core/endpoints/test_userinfo_endpoint.py
+index 4593d79..ff7986b 100644
+--- a/tests/openid/connect/core/endpoints/test_userinfo_endpoint.py
++++ b/tests/openid/connect/core/endpoints/test_userinfo_endpoint.py
+@@ -1,7 +1,7 @@
+ # -*- coding: utf-8 -*-
+ from __future__ import absolute_import, unicode_literals
+ 
+-import mock
++from unittest import mock
+ import json
+ 
+ from oauthlib.openid import RequestValidator
+diff --git a/tests/openid/connect/core/grant_types/test_authorization_code.py b/tests/openid/connect/core/grant_types/test_authorization_code.py
+index b721a19..06b1340 100644
+--- a/tests/openid/connect/core/grant_types/test_authorization_code.py
++++ b/tests/openid/connect/core/grant_types/test_authorization_code.py
+@@ -3,7 +3,7 @@ from __future__ import absolute_import, unicode_literals
+ 
+ import json
+ 
+-import mock
++from unittest import mock
+ 
+ from oauthlib.common import Request
+ from oauthlib.oauth2.rfc6749.tokens import BearerToken
+diff --git a/tests/openid/connect/core/grant_types/test_base.py b/tests/openid/connect/core/grant_types/test_base.py
+index d506b7e..786b24b 100644
+--- a/tests/openid/connect/core/grant_types/test_base.py
++++ b/tests/openid/connect/core/grant_types/test_base.py
+@@ -1,5 +1,5 @@
+ # -*- coding: utf-8 -*-
+-import mock
++from unittest import mock
+ import time
+ 
+ from oauthlib.common import Request
+diff --git a/tests/openid/connect/core/grant_types/test_dispatchers.py b/tests/openid/connect/core/grant_types/test_dispatchers.py
+index 9e45d65..c746e25 100644
+--- a/tests/openid/connect/core/grant_types/test_dispatchers.py
++++ b/tests/openid/connect/core/grant_types/test_dispatchers.py
+@@ -1,6 +1,6 @@
+ # -*- coding: utf-8 -*-
+ from __future__ import absolute_import, unicode_literals
+-import mock
++from unittest import mock
+ 
+ from oauthlib.common import Request
+ 
+diff --git a/tests/openid/connect/core/grant_types/test_hybrid.py b/tests/openid/connect/core/grant_types/test_hybrid.py
+index 0aa0add..336c9f2 100644
+--- a/tests/openid/connect/core/grant_types/test_hybrid.py
++++ b/tests/openid/connect/core/grant_types/test_hybrid.py
+@@ -1,7 +1,7 @@
+ # -*- coding: utf-8 -*-
+ from __future__ import absolute_import, unicode_literals
+ 
+-import mock
++from unittest import mock
+ 
+ from oauthlib.oauth2.rfc6749 import errors
+ from oauthlib.oauth2.rfc6749.tokens import BearerToken
+diff --git a/tests/openid/connect/core/grant_types/test_implicit.py b/tests/openid/connect/core/grant_types/test_implicit.py
+index 1ee805c..c1aadaf 100644
+--- a/tests/openid/connect/core/grant_types/test_implicit.py
++++ b/tests/openid/connect/core/grant_types/test_implicit.py
+@@ -1,7 +1,7 @@
+ # -*- coding: utf-8 -*-
+ from __future__ import absolute_import, unicode_literals
+ 
+-import mock
++from unittest import mock
+ 
+ from oauthlib.common import Request
+ from oauthlib.oauth2.rfc6749 import errors
+diff --git a/tests/openid/connect/core/test_server.py b/tests/openid/connect/core/test_server.py
+index 756c9d0..87b3a9e 100644
+--- a/tests/openid/connect/core/test_server.py
++++ b/tests/openid/connect/core/test_server.py
+@@ -3,7 +3,7 @@ from __future__ import absolute_import, unicode_literals
+ 
+ import json
+ 
+-import mock
++from unittest import mock
+ 
+ from oauthlib.oauth2.rfc6749 import errors
+ from oauthlib.oauth2.rfc6749.endpoints.authorization import AuthorizationEndpoint
+diff --git a/tests/openid/connect/core/test_tokens.py b/tests/openid/connect/core/test_tokens.py
+index fde89d6..7dc7433 100644
+--- a/tests/openid/connect/core/test_tokens.py
++++ b/tests/openid/connect/core/test_tokens.py
+@@ -1,6 +1,6 @@
+ from __future__ import absolute_import, unicode_literals
+ 
+-import mock
++from unittest import mock
+ 
+ from oauthlib.openid.connect.core.tokens import JWTToken
+ 

python-oauthlib.spec

@@ -1,11 +1,14 @@
+%global modname oauthlib
 Name:		python-oauthlib
-Version:	3.1.0
-Release:	1
+Version:	3.1.1
+Release:	3
 Summary:	Python Framework for OAuth1 & OAuth2
 License:	BSD
 URL:		https://github.com/oauthlib/oauthlib
-Source0:	https://github.com/oauthlib/oauthlib/archive/oauthlib-%{version}.tar.gz
+Source0:	https://github.com/oauthlib/oauthlib/archive/v%{version}.tar.gz
 
+Patch6000:      backport-Add-check-of-performance-of-ipv6-check.patch
+Patch6001:      backport-CVE-2022-36087.patch
 	
 BuildArch:      noarch
 
@@ -17,78 +20,66 @@ provide support onto your favourite web framework. If you're a
 maintainer of such a library, write a thin veneer on top of OAuthLib 
 and get OAuth support for very little effort.
 
-%if 0%{?with_python2}
-%package -n     python2-oauthlib
-Summary:        Python2 package for oauthlib
-BuildRequires:  python2-devel python2-setuptools python2-nose python2-mock
-BuildRequires:  python2-blinker python2-jwt python2-cryptography
-Requires:       python2-jwt python2-cryptography     
-
-%description -n python2-oauthlib
-Python2 package for oauthlib
-%endif
-
-%if 0%{?with_python3}
 %package -n     python3-oauthlib
 Summary:        Python3 package for oauthlib
-BuildRequires:  python3-devel python3-setuptools python3-nose python3-mock
+%{?python_provide:%python_provide python3-%{modname}}
+BuildRequires:  python3-devel python3-setuptools python3-mock
 BuildRequires:  python3-blinker python3-jwt python3-cryptography
 Requires:       python3-jwt python3-cryptography
 	
 %description -n python3-oauthlib
 Python3 package for oauthlib
-%endif
 
 %prep
 %autosetup -n oauthlib-%{version} -p1
 sed -i "s/'unittest2', //" setup.py
+rm -rf %{modname}.egg-info
 
 %build
-%if 0%{?with_python2}
-%py2_build
-%endif
-
-%if 0%{?with_python3}
 %py3_build
-%endif
 
 %install
-%if 0%{?with_python2}
-%py2_install
-%endif
-
-%if 0%{?with_python3}
 %py3_install
-%endif
 
 %check
-%if 0%{?with_python2}
-%{__python2} setup.py test
-%endif
-
-%if 0%{?with_python3}
 %{__python3} setup.py test
-%endif
 
-%if 0%{?with_python2}
-%files -n python2-oauthlib
-%defattr(-,root,root)
-%doc README.rst
-%license LICENSE
-%{python2_sitelib}/oauthlib/*
-%{python2_sitelib}/oauthlib-%{version}*
-%endif
-
-%if 0%{?with_python3}
 %files -n python3-oauthlib
 %defattr(-,root,root)
 %doc README.rst
 %license LICENSE
 %{python3_sitelib}/oauthlib/*
 %{python3_sitelib}/oauthlib-%{version}*
-%endif
+
 
 %changelog
+* Mon Sep 26 2022 zhuofeng<zhuofeng2@huawei.com> - 3.1.1-3
+- Type:CVE
+- CVE:CVE-2022-36087
+- SUG:NA
+- DESC:fix CVE-2022-36087
+
+* Tue Mar 29 2022 wangjiang <wangjiang37@h-partners.com> - 3.1.1-2
+- Provides python-oauthlib
+
+* Fri Dec 17 2021 renhongxun <renhongxun@huawei.com> - 3.1.1-1
+- Type: bugfix
+- ID: NA
+- SUG: NA
+- DESC: upgrade version to 3.1.1
+
+* Tue Sep 8 2020 shixuantong <shixuantong@huawei.com> - 3.1.0-3
+- Type: bugfix
+- ID: NA
+- SUG: NA
+- DESC: update Source0
+
+* Thu Aug 6 2020 wenzhanli<wenzhanli23@huawei.com> - 3.1.0-2
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:Remove python2 require and Fix make test
+
 * Thu Jul 23 2020 tianwei <tianwei12@huawei.com> - 3.1.0-1
 - Package update to release 3.1.0