From 20eb6e2583fe84728f0c8b0bbfa8e42083a32475 Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Wed, 17 Apr 2019 16:51:22 -0400 Subject: [PATCH 1/6] Update to v1.24.2 --- .gitignore | 1 + python-urllib3.spec | 4 ++-- sources | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 630c966..10a86e0 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,4 @@ /urllib3-1.23.tar.gz /urllib3-1.24.tar.gz /urllib3-1.24.1.tar.gz +/urllib3-1.24.2.tar.gz diff --git a/python-urllib3.spec b/python-urllib3.spec index 4b8bcc1..aa433e8 100644 --- a/python-urllib3.spec +++ b/python-urllib3.spec @@ -4,8 +4,8 @@ %bcond_without tests Name: python-%{srcname} -Version: 1.24.1 -Release: 3%{?dist} +Version: 1.24.2 +Release: 1%{?dist} Summary: Python HTTP library with thread-safe connection pooling and file post License: MIT diff --git a/sources b/sources index d1287f7..360033c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (urllib3-1.24.1.tar.gz) = 2f5453cf0ec1b65de9a9fca0fdb45664f7481507c875b7115c063cb177628b4b611377e588508ab8433e0797fc78b60fd3ea5cc5ac0a3f105d36bfff9a56f1f4 +SHA512 (urllib3-1.24.2.tar.gz) = 08e8d896f57eb9af5511d07002859f87f2a7bddbd5e66468908188dfe13d2e3985a8cdd2da12d06d0b337945ca8314c1f026d4e82badf23a09bf686fa121e863 From afb4616d3b676a650d34d9c48b4e474c98e03ad0 Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Tue, 28 May 2019 13:28:08 -0400 Subject: [PATCH 2/6] Update to 1.24.3 --- .gitignore | 1 + python-urllib3.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 10a86e0..c2ba537 100644 --- a/.gitignore +++ b/.gitignore @@ -23,3 +23,4 @@ /urllib3-1.24.tar.gz /urllib3-1.24.1.tar.gz /urllib3-1.24.2.tar.gz +/urllib3-1.24.3.tar.gz diff --git a/python-urllib3.spec b/python-urllib3.spec index aa433e8..44d4b4f 100644 --- a/python-urllib3.spec +++ b/python-urllib3.spec @@ -4,7 +4,7 @@ %bcond_without tests Name: python-%{srcname} -Version: 1.24.2 +Version: 1.24.3 Release: 1%{?dist} Summary: Python HTTP library with thread-safe connection pooling and file post @@ -143,6 +143,9 @@ popd %changelog +* Tue May 28 2019 Jeremy Cline - 1.24.3-1 +- Update to 1.24.3 (fixes CVE-2019-9740) + * Sat Feb 02 2019 Fedora Release Engineering - 1.24.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild diff --git a/sources b/sources index 360033c..a7a2545 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (urllib3-1.24.2.tar.gz) = 08e8d896f57eb9af5511d07002859f87f2a7bddbd5e66468908188dfe13d2e3985a8cdd2da12d06d0b337945ca8314c1f026d4e82badf23a09bf686fa121e863 +SHA512 (urllib3-1.24.3.tar.gz) = d535fb90cb1f0880f3c170af25ff7c2b5c383e74df8a04781df518e46abd3342699fa295b36649849a95223404980e150ef62489f857b5c38ae98759f9d32221 From 904cd2c03258f174aed338b2911187a9fa702810 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Mon, 8 Jul 2019 10:23:29 +0200 Subject: [PATCH 3/6] Set RECENT_DATE not to be older than 2 years Backports https://github.com/urllib3/urllib3/pull/1645 Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1727796 --- 1645.patch | 31 +++++++++++++++++++++++++++++++ python-urllib3.spec | 9 ++++++++- 2 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 1645.patch diff --git a/1645.patch b/1645.patch new file mode 100644 index 0000000..41f7435 --- /dev/null +++ b/1645.patch @@ -0,0 +1,31 @@ +From 19b02fee383647ede591c0368e6ac437c832b871 Mon Sep 17 00:00:00 2001 +From: Seth Michael Larson +Date: Tue, 2 Jul 2019 23:08:27 -0500 +Subject: [PATCH] Update RECENT_DATE to 2019-1-1 + +--- + src/urllib3/connection.py | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +diff --git a/src/urllib3/connection.py b/src/urllib3/connection.py +index 57c58fe..96f5d28 100644 +--- a/src/urllib3/connection.py ++++ b/src/urllib3/connection.py +@@ -56,11 +56,9 @@ port_by_scheme = { + 'https': 443, + } + +-# When updating RECENT_DATE, move it to within two years of the current date, +-# and not less than 6 months ago. +-# Example: if Today is 2018-01-01, then RECENT_DATE should be any date on or +-# after 2016-01-01 (today - 2 years) AND before 2017-07-01 (today - 6 months) +-RECENT_DATE = datetime.date(2017, 6, 30) ++# When it comes time to update this value as a part of regular maintenance ++# (ie test_recent_date is failing) update it to ~6 months before the current date. ++RECENT_DATE = datetime.date(2019, 1, 1) + + + class DummyConnection(object): +-- +2.21.0 + diff --git a/python-urllib3.spec b/python-urllib3.spec index 44d4b4f..39410a0 100644 --- a/python-urllib3.spec +++ b/python-urllib3.spec @@ -5,7 +5,7 @@ Name: python-%{srcname} Version: 1.24.3 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Python HTTP library with thread-safe connection pooling and file post License: MIT @@ -15,6 +15,10 @@ Source0: %{url}/archive/%{version}/%{srcname}-%{version}.tar.gz Source1: ssl_match_hostname_py3.py BuildArch: noarch +# Merged upstream, set RECENT_DATE not to be older than 2 years +# https://bugzilla.redhat.com/show_bug.cgi?id=1727796 +Patch0: 1645.patch + %description Python HTTP module with connection pooling and file POST abilities. @@ -143,6 +147,9 @@ popd %changelog +* Mon Jul 08 2019 Miro Hrončok - 1.24.3-2 +- Set RECENT_DATE not to be older than 2 years (#1727796) + * Tue May 28 2019 Jeremy Cline - 1.24.3-1 - Update to 1.24.3 (fixes CVE-2019-9740) From 32baf46499da2795946b51a4b789ec984388e288 Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Tue, 15 Oct 2019 15:21:53 +0000 Subject: [PATCH 4/6] Update to v1.25.6 --- .gitignore | 3 +++ 1645.patch | 31 ------------------------------- python-urllib3.spec | 11 +++++------ sources | 2 +- 4 files changed, 9 insertions(+), 38 deletions(-) delete mode 100644 1645.patch diff --git a/.gitignore b/.gitignore index c2ba537..c3698d4 100644 --- a/.gitignore +++ b/.gitignore @@ -24,3 +24,6 @@ /urllib3-1.24.1.tar.gz /urllib3-1.24.2.tar.gz /urllib3-1.24.3.tar.gz +/urllib3-1.25.2.tar.gz +/urllib3-1.25.3.tar.gz +/urllib3-1.25.6.tar.gz diff --git a/1645.patch b/1645.patch deleted file mode 100644 index 41f7435..0000000 --- a/1645.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 19b02fee383647ede591c0368e6ac437c832b871 Mon Sep 17 00:00:00 2001 -From: Seth Michael Larson -Date: Tue, 2 Jul 2019 23:08:27 -0500 -Subject: [PATCH] Update RECENT_DATE to 2019-1-1 - ---- - src/urllib3/connection.py | 8 +++----- - 1 file changed, 3 insertions(+), 5 deletions(-) - -diff --git a/src/urllib3/connection.py b/src/urllib3/connection.py -index 57c58fe..96f5d28 100644 ---- a/src/urllib3/connection.py -+++ b/src/urllib3/connection.py -@@ -56,11 +56,9 @@ port_by_scheme = { - 'https': 443, - } - --# When updating RECENT_DATE, move it to within two years of the current date, --# and not less than 6 months ago. --# Example: if Today is 2018-01-01, then RECENT_DATE should be any date on or --# after 2016-01-01 (today - 2 years) AND before 2017-07-01 (today - 6 months) --RECENT_DATE = datetime.date(2017, 6, 30) -+# When it comes time to update this value as a part of regular maintenance -+# (ie test_recent_date is failing) update it to ~6 months before the current date. -+RECENT_DATE = datetime.date(2019, 1, 1) - - - class DummyConnection(object): --- -2.21.0 - diff --git a/python-urllib3.spec b/python-urllib3.spec index 39410a0..a587c19 100644 --- a/python-urllib3.spec +++ b/python-urllib3.spec @@ -4,8 +4,8 @@ %bcond_without tests Name: python-%{srcname} -Version: 1.24.3 -Release: 2%{?dist} +Version: 1.25.6 +Release: 1%{?dist} Summary: Python HTTP library with thread-safe connection pooling and file post License: MIT @@ -15,10 +15,6 @@ Source0: %{url}/archive/%{version}/%{srcname}-%{version}.tar.gz Source1: ssl_match_hostname_py3.py BuildArch: noarch -# Merged upstream, set RECENT_DATE not to be older than 2 years -# https://bugzilla.redhat.com/show_bug.cgi?id=1727796 -Patch0: 1645.patch - %description Python HTTP module with connection pooling and file POST abilities. @@ -147,6 +143,9 @@ popd %changelog +* Tue Oct 15 2019 Jeremy Cline - 1.25.6-1 +- Update to v1.25.6 + * Mon Jul 08 2019 Miro Hrončok - 1.24.3-2 - Set RECENT_DATE not to be older than 2 years (#1727796) diff --git a/sources b/sources index a7a2545..228c9cb 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (urllib3-1.24.3.tar.gz) = d535fb90cb1f0880f3c170af25ff7c2b5c383e74df8a04781df518e46abd3342699fa295b36649849a95223404980e150ef62489f857b5c38ae98759f9d32221 +SHA512 (urllib3-1.25.6.tar.gz) = 02457492406fff3a61143d695df8304fc66a31f2646ca05ccacd9f2e5f86560e4c68a1f7f4702d6402b9d4d899145b15b125e56b3bc273012b0306ca4d0d7927 From 598dc0a3b65339d76d52bc558e1e19d83d44e5b6 Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Wed, 13 Nov 2019 10:37:15 -0500 Subject: [PATCH 5/6] Update to 1.25.7 --- .gitignore | 1 + python-urllib3.spec | 3 ++- sources | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index c3698d4..fc27170 100644 --- a/.gitignore +++ b/.gitignore @@ -27,3 +27,4 @@ /urllib3-1.25.2.tar.gz /urllib3-1.25.3.tar.gz /urllib3-1.25.6.tar.gz +/urllib3-1.25.7.tar.gz diff --git a/python-urllib3.spec b/python-urllib3.spec index a587c19..c272758 100644 --- a/python-urllib3.spec +++ b/python-urllib3.spec @@ -4,7 +4,7 @@ %bcond_without tests Name: python-%{srcname} -Version: 1.25.6 +Version: 1.25.7 Release: 1%{?dist} Summary: Python HTTP library with thread-safe connection pooling and file post @@ -60,6 +60,7 @@ BuildRequires: python3-six BuildRequires: python3-pysocks BuildRequires: python3-pytest BuildRequires: python3-tornado +BuildRequires: python3-trustme %endif Requires: ca-certificates diff --git a/sources b/sources index 228c9cb..f8dfc21 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (urllib3-1.25.6.tar.gz) = 02457492406fff3a61143d695df8304fc66a31f2646ca05ccacd9f2e5f86560e4c68a1f7f4702d6402b9d4d899145b15b125e56b3bc273012b0306ca4d0d7927 +SHA512 (urllib3-1.25.7.tar.gz) = bbf55a1d46fe799b98c311bdb47628c14719d5b3ae00fb27515da774d8f7c043ff79a9684f12b133101574527531d4a79134fe67e28dad518d429e55f82e0c59 From 319e5ee1f2917c870a3bf3347ba6c33eb2e31e40 Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Wed, 13 Nov 2019 10:58:32 -0500 Subject: [PATCH 6/6] Update to v1.25.7 Bring back idna as it's used in a utility function in urllib3. Also depend on trustme, and drop Python 2 tests as there's no python2-trustme and I'm not making another Python 2 package ever again. --- python-urllib3.spec | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/python-urllib3.spec b/python-urllib3.spec index c272758..b1bc9c6 100644 --- a/python-urllib3.spec +++ b/python-urllib3.spec @@ -33,17 +33,6 @@ Requires: python2-ipaddress Requires: python2-pysocks BuildRequires: python2-devel -%if %{with tests} -BuildRequires: python2-backports-ssl_match_hostname -BuildRequires: python2-nose -BuildRequires: python2-nose-exclude -BuildRequires: python2-coverage -BuildRequires: python2-mock -BuildRequires: python2-six -BuildRequires: python2-pysocks -BuildRequires: python2-pytest -BuildRequires: python2-tornado -%endif %description -n python2-%{srcname} Python2 HTTP module with connection pooling and file POST abilities. @@ -61,11 +50,13 @@ BuildRequires: python3-pysocks BuildRequires: python3-pytest BuildRequires: python3-tornado BuildRequires: python3-trustme +BuildRequires: python3-idna %endif Requires: ca-certificates Requires: python3-six Requires: python3-pysocks +Requires: python3-idna %description -n python3-%{srcname} Python3 HTTP module with connection pooling and file POST abilities. @@ -123,7 +114,6 @@ ln -s %{python3_sitelib}/__pycache__/six.cpython-%{python3_version_nodots}.pyc \ %if %{with tests} %check pushd test -PYTHONPATH=%{buildroot}%{python2_sitelib}:%{python2_sitelib} %{__python2} -m pytest -v PYTHONPATH=%{buildroot}%{python3_sitelib}:%{python3_sitelib} %{__python3} -m pytest -v popd %endif @@ -144,6 +134,9 @@ popd %changelog +* Wed Nov 13 2019 Jeremy Cline - 1.25.7-1 +- Update to v1.25.7 + * Tue Oct 15 2019 Jeremy Cline - 1.25.6-1 - Update to v1.25.6