packages/python-urllib3
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:52d43ece69c23211d50d163646fae0b79b2361fc
Branches Tags
packages:main
..
compare: packages:ba0529de924f64c4a2498b6a5e4d2ba11a0c09c5
Branches Tags
packages:main

No commits in common. "52d43ece69c23211d50d163646fae0b79b2361fc" and "ba0529de924f64c4a2498b6a5e4d2ba11a0c09c5" have entirely different histories.
52d43ece69 ... ba0529de92

8 changed files with 11 additions and 555 deletions
Show Stats Expand all files Collapse all files

157
backport-CVE-2023-43804-added-the-Cookie-to-the-list-of-headers.patch
View File

@ -1,157 +0,0 @@
From 01220354d389cd05474713f8c982d05c9b17aafb Mon Sep 17 00:00:00 2001
From: Seth Michael Larson <sethmichaellarson@gmail.com>
Date: Mon, 2 Oct 2023 11:43:46 -0500
Subject: [PATCH] Backport GHSA-v845-jxx5-vc9f (#3139)
Co-authored-by: Quentin Pradet <quentin.pradet@gmail.com>
Co-authored-by: Illia Volochii <illia.volochii@gmail.com>
Conflict:NA
Reference:https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb
---
src/urllib3/util/retry.py | 2 +-
test/test_retry.py | 4 ++--
test/test_retry_deprecated.py | 2 +-
test/with_dummyserver/test_poolmanager.py | 24 ++++++++++++++++++-----
4 files changed, 28 insertions(+), 9 deletions(-)
diff --git a/src/urllib3/util/retry.py b/src/urllib3/util/retry.py
index 2490d5e5b6..60ef6c4f3f 100644
--- a/src/urllib3/util/retry.py
+++ b/src/urllib3/util/retry.py
@@ -235,7 +235,7 @@ class Retry(object):
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
#: Default headers to be used for ``remove_headers_on_redirect``
- DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Authorization"])
+ DEFAULT_REMOVE_HEADERS_ON_REDIRECT = frozenset(["Cookie", "Authorization"])
#: Maximum backoff time.
DEFAULT_BACKOFF_MAX = 120
diff --git a/test/test_retry.py b/test/test_retry.py
index 21ba1e92e1..95a33e7461 100644
--- a/test/test_retry.py
+++ b/test/test_retry.py
@@ -293,12 +293,12 @@ def test_retry_method_not_in_whitelist(self):
def test_retry_default_remove_headers_on_redirect(self):
retry = Retry()
- assert list(retry.remove_headers_on_redirect) == ["authorization"]
+ assert retry.remove_headers_on_redirect == {"authorization", "cookie"}
def test_retry_set_remove_headers_on_redirect(self):
retry = Retry(remove_headers_on_redirect=["X-API-Secret"])
- assert list(retry.remove_headers_on_redirect) == ["x-api-secret"]
+ assert retry.remove_headers_on_redirect == {"x-api-secret"}
@pytest.mark.parametrize("value", ["-1", "+1", "1.0", six.u("\xb2")]) # \xb2 = ^2
def test_parse_retry_after_invalid(self, value):
diff --git a/test/test_retry_deprecated.py b/test/test_retry_deprecated.py
index f55c5d846b..5133a51afa 100644
--- a/test/test_retry_deprecated.py
+++ b/test/test_retry_deprecated.py
@@ -295,7 +295,7 @@ def test_retry_method_not_in_whitelist(self):
def test_retry_default_remove_headers_on_redirect(self):
retry = Retry()
- assert list(retry.remove_headers_on_redirect) == ["authorization"]
+ assert retry.remove_headers_on_redirect == {"authorization", "cookie"}
def test_retry_set_remove_headers_on_redirect(self):
retry = Retry(remove_headers_on_redirect=["X-API-Secret"])
diff --git a/test/with_dummyserver/test_poolmanager.py b/test/with_dummyserver/test_poolmanager.py
index fa07a372a9..02a38115c5 100644
--- a/test/with_dummyserver/test_poolmanager.py
+++ b/test/with_dummyserver/test_poolmanager.py
@@ -141,7 +141,7 @@ def test_redirect_cross_host_remove_headers(self):
"GET",
"%s/redirect" % self.base_url,
fields={"target": "%s/headers" % self.base_url_alt},
- headers={"Authorization": "foo"},
+ headers={"Authorization": "foo", "Cookie": "foo=bar"},
)
assert r.status == 200
@@ -149,12 +149,13 @@ def test_redirect_cross_host_remove_headers(self):
data = json.loads(r.data.decode("utf-8"))
assert "Authorization" not in data
+ assert "Cookie" not in data
r = http.request(
"GET",
"%s/redirect" % self.base_url,
fields={"target": "%s/headers" % self.base_url_alt},
- headers={"authorization": "foo"},
+ headers={"authorization": "foo", "cookie": "foo=bar"},
)
assert r.status == 200
@@ -163,6 +164,8 @@ def test_redirect_cross_host_remove_headers(self):
assert "authorization" not in data
assert "Authorization" not in data
+ assert "cookie" not in data
+ assert "Cookie" not in data
def test_redirect_cross_host_no_remove_headers(self):
with PoolManager() as http:
@@ -170,7 +173,7 @@ def test_redirect_cross_host_no_remove_headers(self):
"GET",
"%s/redirect" % self.base_url,
fields={"target": "%s/headers" % self.base_url_alt},
- headers={"Authorization": "foo"},
+ headers={"Authorization": "foo", "Cookie": "foo=bar"},
retries=Retry(remove_headers_on_redirect=[]),
)
@@ -179,6 +182,7 @@ def test_redirect_cross_host_no_remove_headers(self):
data = json.loads(r.data.decode("utf-8"))
assert data["Authorization"] == "foo"
+ assert data["Cookie"] == "foo=bar"
def test_redirect_cross_host_set_removed_headers(self):
with PoolManager() as http:
@@ -186,7 +190,11 @@ def test_redirect_cross_host_set_removed_headers(self):
"GET",
"%s/redirect" % self.base_url,
fields={"target": "%s/headers" % self.base_url_alt},
- headers={"X-API-Secret": "foo", "Authorization": "bar"},
+ headers={
+ "X-API-Secret": "foo",
+ "Authorization": "bar",
+ "Cookie": "foo=bar",
+ },
retries=Retry(remove_headers_on_redirect=["X-API-Secret"]),
)
@@ -196,12 +204,17 @@ def test_redirect_cross_host_set_removed_headers(self):
assert "X-API-Secret" not in data
assert data["Authorization"] == "bar"
+ assert data["Cookie"] == "foo=bar"
r = http.request(
"GET",
"%s/redirect" % self.base_url,
fields={"target": "%s/headers" % self.base_url_alt},
- headers={"x-api-secret": "foo", "authorization": "bar"},
+ headers={
+ "x-api-secret": "foo",
+ "authorization": "bar",
+ "cookie": "foo=bar",
+ },
retries=Retry(remove_headers_on_redirect=["X-API-Secret"]),
)
@@ -212,6 +225,7 @@ def test_redirect_cross_host_set_removed_headers(self):
assert "x-api-secret" not in data
assert "X-API-Secret" not in data
assert data["Authorization"] == "bar"
+ assert data["Cookie"] == "foo=bar"
def test_redirect_without_preload_releases_connection(self):
with PoolManager(block=True, maxsize=2) as http:

125
backport-CVE-2023-45803-Made-body-stripped-from-HTTP-requests.patch
View File

@ -1,125 +0,0 @@
From b594c5ceaca38e1ac215f916538fb128e3526a36 Mon Sep 17 00:00:00 2001
From: Illia Volochii <illia.volochii@gmail.com>
Date: Tue, 17 Oct 2023 19:35:39 +0300
Subject: [PATCH] Merge pull request from GHSA-g4mx-q9vg-27p4
Conflict:test/with_dummyserver/test_poolmanager.py and
test_connectionpool.py has not been modified because it has been deleted
in the pre-phase of the spec file
Reference:https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36
---
dummyserver/handlers.py | 7 +++++++
src/urllib3/_collections.py | 18 ++++++++++++++++++
src/urllib3/connectionpool.py | 5 +++++
src/urllib3/poolmanager.py | 7 +++++--
4 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/dummyserver/handlers.py b/dummyserver/handlers.py
index c90c2fc..acd181d 100644
--- a/dummyserver/handlers.py
+++ b/dummyserver/handlers.py
@@ -186,6 +186,8 @@ class TestingApp(RequestHandler):
status = request.params.get("status", "303 See Other")
if len(status) == 3:
status = "%s Redirect" % status.decode("latin-1")
+ elif isinstance(status, bytes):
+ status = status.decode("latin-1")
headers = [("Location", target)]
return Response(status=status, headers=headers)
@@ -264,6 +266,11 @@ class TestingApp(RequestHandler):
def headers(self, request):
return Response(json.dumps(dict(request.headers)))
+ def headers_and_params(self, request):
+ return Response(
+ json.dumps({"headers": dict(request.headers), "params": request.params})
+ )
+
def successful_retry(self, request):
"""Handler which will return an error and then success
diff --git a/src/urllib3/_collections.py b/src/urllib3/_collections.py
index da9857e..bceb845 100644
--- a/src/urllib3/_collections.py
+++ b/src/urllib3/_collections.py
@@ -268,6 +268,24 @@ class HTTPHeaderDict(MutableMapping):
else:
return vals[1:]
+ def _prepare_for_method_change(self):
+ """
+ Remove content-specific header fields before changing the request
+ method to GET or HEAD according to RFC 9110, Section 15.4.
+ """
+ content_specific_headers = [
+ "Content-Encoding",
+ "Content-Language",
+ "Content-Location",
+ "Content-Type",
+ "Content-Length",
+ "Digest",
+ "Last-Modified",
+ ]
+ for header in content_specific_headers:
+ self.discard(header)
+ return self
+
# Backwards compatibility for httplib
getheaders = getlist
getallmatchingheaders = getlist
diff --git a/src/urllib3/connectionpool.py b/src/urllib3/connectionpool.py
index 659a9ca..ebce9ce 100644
--- a/src/urllib3/connectionpool.py
+++ b/src/urllib3/connectionpool.py
@@ -9,6 +9,7 @@ import warnings
from socket import error as SocketError
from socket import timeout as SocketTimeout
+from ._collections import HTTPHeaderDict
from .connection import (
BaseSSLError,
BrokenPipeError,
@@ -832,7 +833,11 @@ class HTTPConnectionPool(ConnectionPool, RequestMethods):
redirect_location = redirect and response.get_redirect_location()
if redirect_location:
if response.status == 303:
+ # Change the method according to RFC 9110, Section 15.4.4.
method = "GET"
+ # And lose the body not to transfer anything sensitive.
+ body = None
+ headers = HTTPHeaderDict(headers)._prepare_for_method_change()
try:
retries = retries.increment(method, url, response=response, _pool=self)
diff --git a/src/urllib3/poolmanager.py b/src/urllib3/poolmanager.py
index ca4ec34..5f4afe1 100644
--- a/src/urllib3/poolmanager.py
+++ b/src/urllib3/poolmanager.py
@@ -4,7 +4,7 @@ import collections
import functools
import logging
-from ._collections import RecentlyUsedContainer
+from ._collections import HTTPHeaderDict, RecentlyUsedContainer
from .connectionpool import HTTPConnectionPool, HTTPSConnectionPool, port_by_scheme
from .exceptions import (
LocationValueError,
@@ -382,9 +382,12 @@ class PoolManager(RequestMethods):
# Support relative URLs for redirecting.
redirect_location = urljoin(url, redirect_location)
- # RFC 7231, Section 6.4.4
if response.status == 303:
+ # Change the method according to RFC 9110, Section 15.4.4.
method = "GET"
+ # And lose the body not to transfer anything sensitive.
+ kw["body"] = None
+ kw["headers"] = HTTPHeaderDict(kw["headers"])._prepare_for_method_change()
retries = kw.get("retries")
if not isinstance(retries, Retry):
--
2.23.0

29
backport-Fix-_idna_encode-handling-of-x80.patch
View File

@ -1,29 +0,0 @@
From a06c05cd4bba292ee26e3e9116cff902e0440b52 Mon Sep 17 00:00:00 2001
From: Ben Kallus <49924171+kenballus@users.noreply.github.com>
Date: Wed, 8 Feb 2023 15:19:07 +0000
Subject: [PATCH] Fix _idna_encode handling of '\x80'
Co-authored-by: Illia Volochii <illia.volochii@gmail.com>
Conflict:1.The content of "@@" is adapted 2.The line number is adapted
Reference:https://github.com/urllib3/urllib3/commit/a06c05cd4bba292ee26e3e9116cff902e0440b52
---
src/urllib3/util/url.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/urllib3/util/url.py b/src/urllib3/util/url.py
index 63166e8..8bac93a 100644
--- a/src/urllib3/util/url.py
+++ b/src/urllib3/util/url.py
@@ -300,7 +300,7 @@ def _normalize_host(host, scheme):
def _idna_encode(name):
- if name and any([ord(x) > 128 for x in name]):
+ if name and any(ord(x) >= 128 for x in name):
try:
import idna
except ImportError:
--
2.27.0

75
backport-Fix-socket-timeout-value-when-HTTPConnection-is-reused.patch
View File

@ -1,75 +0,0 @@
From a7ce8e0881c94800b14687145ee11940246d2b22 Mon Sep 17 00:00:00 2001
From: Nick Williams <68963309+nickwilliams-zaxiom@users.noreply.github.com>
Date: Fri, 20 Jan 2023 07:59:33 -0600
Subject: [PATCH] [1.26] Fix socket timeout value when HTTPConnection is reused
Co-authored-by: Seth Michael Larson <sethmichaellarson@gmail.com>
Co-authored-by: Quentin Pradet <quentin.pradet@gmail.com>
Conflict:1.The content of "@@" is adapted 2.The line number is adapted 3. no add testcode
Reference:https://github.com/urllib3/urllib3/commit/a7ce8e0881c94800b14687145ee11940246d2b22
---
src/urllib3/connection.py | 5 +++++
src/urllib3/connectionpool.py | 2 +-
src/urllib3/util/timeout.py | 9 ++++++---
3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/urllib3/connection.py b/src/urllib3/connection.py
index f48daea..f121511 100644
--- a/src/urllib3/connection.py
+++ b/src/urllib3/connection.py
@@ -229,6 +229,11 @@ class HTTPConnection(_HTTPConnection, object):
)
def request(self, method, url, body=None, headers=None):
+ # Update the inner socket's timeout value to send the request.
+ # This only triggers if the connection is re-used.
+ if getattr(self, "sock", None) is not None:
+ self.sock.settimeout(self.timeout)
+
if headers is None:
headers = {}
else:
diff --git a/src/urllib3/connectionpool.py b/src/urllib3/connectionpool.py
index 8dccf4b..e528019 100644
--- a/src/urllib3/connectionpool.py
+++ b/src/urllib3/connectionpool.py
@@ -375,7 +375,7 @@ class HTTPConnectionPool(ConnectionPool, RequestMethods):
timeout_obj = self._get_timeout(timeout)
timeout_obj.start_connect()
- conn.timeout = timeout_obj.connect_timeout
+ conn.timeout = Timeout.resolve_default_timeout(timeout_obj.connect_timeout)
# Trigger any extra validation we need to do.
try:
diff --git a/src/urllib3/util/timeout.py b/src/urllib3/util/timeout.py
index ff69593..78e18a6 100644
--- a/src/urllib3/util/timeout.py
+++ b/src/urllib3/util/timeout.py
@@ -2,9 +2,8 @@ from __future__ import absolute_import
import time
-# The default socket timeout, used by httplib to indicate that no timeout was
-# specified by the user
-from socket import _GLOBAL_DEFAULT_TIMEOUT
+# The default socket timeout, used by httplib to indicate that no timeout was; specified by the user
+from socket import _GLOBAL_DEFAULT_TIMEOUT, getdefaulttimeout
from ..exceptions import TimeoutStateError
@@ -116,6 +115,10 @@ class Timeout(object):
# __str__ provided for backwards compatibility
__str__ = __repr__
+ @classmethod
+ def resolve_default_timeout(cls, timeout):
+ return getdefaulttimeout() if timeout is cls.DEFAULT_TIMEOUT else timeout
+
@classmethod
def _validate_timeout(cls, value, name):
"""Check that a timeout attribute is valid.
--
2.27.0

27
backport-Remove-Exclamation-mark-character-from-the-unreserved-characters.patch
View File

@ -1,27 +0,0 @@
From 27370204dbcb2ee555a136948afee276a96ddc87 Mon Sep 17 00:00:00 2001
From: Ben Kallus <49924171+kenballus@users.noreply.github.com>
Date: Fri, 3 Feb 2023 08:38:04 -0500
Subject: [PATCH] [1.26] Remove "!" character from the "unreserved" characters
in IPv6 Zone ID parsing
Conflict:The content of "index" and "@@" are adapted
Reference:https://github.com/urllib3/urllib3/commit/27370204dbcb2ee555a136948afee276a96ddc87
---
src/urllib3/util/url.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/urllib3/util/url.py b/src/urllib3/util/url.py
index 63166e8..33dfb45 100644
--- a/src/urllib3/util/url.py
+++ b/src/urllib3/util/url.py
@@ -50,7 +50,7 @@ _variations = [
"(?:(?:%(hex)s:){0,6}%(hex)s)?::",
]
-UNRESERVED_PAT = r"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._!\-~"
+UNRESERVED_PAT = r"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._\-~"
IPV6_PAT = "(?:" + "|".join([x % _subs for x in _variations]) + ")"
ZONE_ID_PAT = "(?:%25|%)(?:[" + UNRESERVED_PAT + "]|%[a-fA-F0-9]{2})+"
IPV6_ADDRZ_PAT = r"\[" + IPV6_PAT + r"(?:" + ZONE_ID_PAT + r")?\]"
--
2.27.0

48
backport-fixed-issue-with-port-0-returning-None.patch
View File

@ -1,48 +0,0 @@
From 25fbd5fb72ae8790cff9512878d302120e387e64 Mon Sep 17 00:00:00 2001
From: Anil Khatri <anilkhatri.dev@gmail.com>
Date: Sat, 31 Dec 2022 01:38:50 +0530
Subject: [PATCH] Fixed issue with port "0" returning None
Conflict:adapt:
1.The content of "@@" is adapted
2.The line number is adapted
Reference:https://github.com/urllib3/urllib3/pull/2864
---
src/urllib3/util/url.py | 2 +-
test/test_util.py | 7 +++++++
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/urllib3/util/url.py b/src/urllib3/util/url.py
index 8964cef..63166e8 100644
--- a/src/urllib3/util/url.py
+++ b/src/urllib3/util/url.py
@@ -63,7 +63,7 @@ IPV6_ADDRZ_RE = re.compile("^" + IPV6_ADDRZ_PAT + "$")
BRACELESS_IPV6_ADDRZ_RE = re.compile("^" + IPV6_ADDRZ_PAT[2:-2] + "$")
ZONE_ID_RE = re.compile("(" + ZONE_ID_PAT + r")\]$")
-_HOST_PORT_PAT = ("^(%s|%s|%s)(?::0*([0-9]{0,5}))?$") % (
+_HOST_PORT_PAT = ("^(%s|%s|%s)(?::0*?(|0|[1-9][0-9]{0,4}))?$") % (
REG_NAME_PAT,
IPV4_PAT,
IPV6_ADDRZ_PAT,
diff --git a/test/test_util.py b/test/test_util.py
index f6c8b43..7d512f5 100644
--- a/test/test_util.py
+++ b/test/test_util.py
@@ -347,6 +347,13 @@ class TestUtil(object):
url = parse_url("https://example.com:0000000000080")
assert url.port == 80
+ def test_parse_url_only_zeros(self):
+ url = parse_url("https://example.com:0")
+ assert url.port == 0
+
+ url = parse_url("https://example.com:000000000000")
+ assert url.port == 0
+
def test_Url_str(self):
U = Url("http", host="google.com")
assert str(U) == U.url
--
2.27.0

45
backport-strip-leading-zeros-form-ports.patch
View File

@ -1,45 +0,0 @@
From 955da4d03eaa6785aef40a34f440a67d736a4793 Mon Sep 17 00:00:00 2001
From: Seth Michael Larson <sethmichaellarson@gmail.com>
Date: Tue, 22 Nov 2022 17:59:57 +0000
Subject: [PATCH] [1.26] Strip leading zeros from ports
Co-authored-by: Bastian Venthur <bastian.venthur@flixbus.com>
Co-authored-by: Hasan Ramezani <hasan.r67@gmail.com>
Conflict:NA
Reference:https://github.com/urllib3/urllib3/commit/955da4d03eaa6785aef40a34f440a67d736a4793
---
src/urllib3/util/url.py | 2 +-
test/test_util.py | 4 ++++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/urllib3/util/url.py b/src/urllib3/util/url.py
index 81a03da..8964cef 100644
--- a/src/urllib3/util/url.py
+++ b/src/urllib3/util/url.py
@@ -63,7 +63,7 @@ IPV6_ADDRZ_RE = re.compile("^" + IPV6_ADDRZ_PAT + "$")
BRACELESS_IPV6_ADDRZ_RE = re.compile("^" + IPV6_ADDRZ_PAT[2:-2] + "$")
ZONE_ID_RE = re.compile("(" + ZONE_ID_PAT + r")\]$")
-_HOST_PORT_PAT = ("^(%s|%s|%s)(?::([0-9]{0,5}))?$") % (
+_HOST_PORT_PAT = ("^(%s|%s|%s)(?::0*([0-9]{0,5}))?$") % (
REG_NAME_PAT,
IPV4_PAT,
IPV6_ADDRZ_PAT,
diff --git a/test/test_util.py b/test/test_util.py
index 562c106..f6c8b43 100644
--- a/test/test_util.py
+++ b/test/test_util.py
@@ -343,6 +343,10 @@ class TestUtil(object):
with pytest.raises(LocationParseError):
parse_url("https://www.google.com:-80/")
+ def test_parse_url_remove_leading_zeros(self):
+ url = parse_url("https://example.com:0000000000080")
+ assert url.port == 80
+
def test_Url_str(self):
U = Url("http", host="google.com")
assert str(U) == U.url
--
2.27.0

60
python-urllib3.spec
View File

@ -3,7 +3,7 @@
Name: python-%{srcname}
Version: 1.26.12
Release: 6
Release: 1
Summary: Sanity-friendly HTTP client for Python
License: MIT
URL: https://urllib3.readthedocs.io
@ -12,13 +12,6 @@ Source1: ssl_match_hostname_py3.py
Patch0001: remove_mock.patch
Patch6000: backport-CVE-2021-28363.patch
Patch6001: backport-strip-leading-zeros-form-ports.patch
Patch6002: backport-fixed-issue-with-port-0-returning-None.patch
Patch6003: backport-Fix-socket-timeout-value-when-HTTPConnection-is-reused.patch
Patch6004: backport-Remove-Exclamation-mark-character-from-the-unreserved-characters.patch
Patch6005: backport-Fix-_idna_encode-handling-of-x80.patch
Patch6006: backport-CVE-2023-43804-added-the-Cookie-to-the-list-of-headers.patch
Patch6007: backport-CVE-2023-45803-Made-body-stripped-from-HTTP-requests.patch
BuildArch: noarch
@ -34,9 +27,10 @@ BuildRequires: python3-setuptools
%if %{with tests}
BuildRequires: python3-cryptography python3-mock python3-six python-idna python-dateutil
BuildRequires: python3-pysocks python3-pytest python3-tornado python-trustme
BuildRequires: python3-pytest-timeout
%endif
Requires: ca-certificates python3-idna python3-six python3-pysocks
Requires: ca-certificates python3-idna python3-six >= 1.16.0 python3-pysocks
%description -n python3-urllib3
Python3 HTTP module with connection pooling and file POST abilities.
@ -84,49 +78,17 @@ PYTHONPATH=%{buildroot}%{python3_sitelib}:%{python3_sitelib} %{__python3} -m pyt
%{python3_sitelib}/urllib3-*.egg-info
%changelog
* Fri Nov 03 2023 chengyechun <chengyechun1@huawei.com> - 1.26.12-6
- Type:CVE
- CVE:CVE-2023-45803
- SUG:NA
- DESC:fix CVE-2023-45803
* Mon Nov 7 2022 chenhaixing <chenhaixing@huawei.com> - 1.26.12-1
- DESC:upgrade python-urllib3 version to 1.26.12
* Wed Oct 04 2023 Funda Wang <fundawang@yeah.net> - 1.26.12-5
- Type:CVE
- CVE:CVE-2023-43804
- SUG:NA
- DESC:fix CVE-2023-43804
* Tue Aug 09 2022 chenhaixing <chenhaixing@huawei.com> - 1.26.7-3
- modify RECENT_DATE in python-urllib3.spec to adapt time change
* Tue Mar 21 2023 chenhaixing <chenhaixing@huawei.com> - 1.26.12-4
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:fix socket timeout value when HTTPConnect is reused
remove Exclamation mark character from the unreserved characters
fix _idna_encode handling of x80
* Fri Jan 07 2022 zhanzhimin <zhanzhimin@huawei.com> - 1.26.7-2
- remove python-nose dependency
* Fri Feb 10 2023 chenhaixing <chenhaixing@huawei.com> - 1.26.12-3
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:change _HOST_PORT_PAT to fix port is 0 but return None
* Sat Dec 17 2022 chenhaixing <chenhaixing@huawei.com> - 1.26.12-2
- DESC:fix util.parse_url function traceback when port have leading zeros
* Sun Sep 04 2022 tianlijing <tianlijing@kylinos.cn> - 1.26.12-1
- update to 1.26.12
* Tue Aug 09 2022 chenhaixing <chenhaixing@huawei.com> - 1.26.8-2
- delete patch Bump-RECENT_DATE.patch and modify RECENT_DATE in python-urllib3.spec to adapt time change
* Mon Jul 18 2022 OpenStack_SIG <openstack@openeuler.org> - 1.26.8-1
- Upgrade package to version 1.26.8
* Wed Jul 06 2022 chenhaixing <chenhaixing@huawei.com> - 1.26.7-2
- add patch Bump RECENT_DATE and solve test case test_recent_date failed
* Wed Jan 19 2022 wangkerong <wangkerong@huawei.com> - 1.26.7-1
- update to 1.26.7 and remove python-nose dependency
* Sat Nov 27 2021 zhanzhimin <zhanzhimin@huawei.com> - 1.26.7-1
- update to 1.26.7
* Mon Jul 5 2021 zhanzhimin <zhanzhimin@huawei.com> - 1.26.3-3
- fix CVE-2021-33503