9 changed files with 153 additions and 160 deletions
--- a/Don-t-inject-pyopenssl-into-urllib3.patch
+++ b/Don-t-inject-pyopenssl-into-urllib3.patch
@ -0,0 +1,38 @@
 From 86b1fa39fdebdb7bc57131c1a198d4d18e104f95 Mon Sep 17 00:00:00 2001
 From: Jeremy Cline <jeremy@jcline.org>
 Date: Mon, 16 Apr 2018 10:35:35 -0400
 Subject: [PATCH] Don't inject pyopenssl into urllib3
 Fedora ships sufficiently new versions of Python 2 and 3 to make this
 unnecessary (rhbz 1567862)
 Signed-off-by: Jeremy Cline <jeremy@jcline.org>
 ---
 requests/__init__.py | 7 -------
 1 file changed, 7 deletions(-)
 diff --git a/requests/__init__.py b/requests/__init__.py
 index a5b3c9c3..e312d314 100644
 --- a/requests/__init__.py
 +++ b/requests/__init__.py
@@ -90,17 +90,6 @@ except (AssertionError, ValueError):
                   "version!".format(urllib3.__version__, chardet.__version__),
                   RequestsDependencyWarning)
 -# Attempt to enable urllib3's SNI support, if possible
 -try:
 -    from urllib3.contrib import pyopenssl
 -    pyopenssl.inject_into_urllib3()
 -
 -    # Check cryptography version
 -    from cryptography import __version__ as cryptography_version
 -    _check_cryptography(cryptography_version)
 -except ImportError:
 -    pass
 -
 # urllib3's DependencyWarnings should be silenced.
 from urllib3.exceptions import DependencyWarning
 warnings.simplefilter('ignore', DependencyWarning)
 -- 
 2.17.0
--- a/README.en.md
+++ b/README.en.md
@ -0,0 +1,36 @@
 # python-requests
 #### Description
 {**When you're done, you can delete the content in this README and update the file with details for others getting started with your repository**}
 #### Software Architecture
 Software architecture description
 #### Installation
 1.  xxxx
 2.  xxxx
 3.  xxxx
 #### Instructions
 1.  xxxx
 2.  xxxx
 3.  xxxx
 #### Contribution
 1.  Fork the repository
 2.  Create Feat_xxx branch
 3.  Commit your code
 4.  Create Pull Request
 #### Gitee Feature
 1.  You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md
 2.  Gitee blog [blog.gitee.com](https://blog.gitee.com)
 3.  Explore open source project [https://gitee.com/explore](https://gitee.com/explore)
 4.  The most valuable open source project [GVP](https://gitee.com/gvp)
 5.  The manual of Gitee [https://gitee.com/help](https://gitee.com/help)
 6.  The most popular members  [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)
--- a/README.md
+++ b/README.md
@ -0,0 +1,39 @@
 # python-requests
 #### 介绍
 {**以下是码云平台说明，您可以替换此简介**
 码云是 OSCHINA 推出的基于 Git 的代码托管平台（同时支持 SVN）。专为开发者提供稳定、高效、安全的云端软件开发协作平台
 无论是个人、团队、或是企业，都能够用码云实现代码托管、项目管理、协作开发。企业项目请看 [https://gitee.com/enterprises](https://gitee.com/enterprises)}
 #### 软件架构
 软件架构说明
 #### 安装教程
 1.  xxxx
 2.  xxxx
 3.  xxxx
 #### 使用说明
 1.  xxxx
 2.  xxxx
 3.  xxxx
 #### 参与贡献
 1.  Fork 本仓库
 2.  新建 Feat_xxx 分支
 3.  提交代码
 4.  新建 Pull Request
 #### 码云特技
 1.  使用 Readme\_XXX.md 来支持不同的语言，例如 Readme\_en.md, Readme\_zh.md
 2.  码云官方博客 [blog.gitee.com](https://blog.gitee.com)
 3.  你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解码云上的优秀开源项目
 4.  [GVP](https://gitee.com/gvp) 全称是码云最有价值开源项目，是码云综合评定出的优秀开源项目
 5.  码云官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help)
 6.  码云封面人物是一档用来展示码云会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)
--- a/Remove-tests-that-use-the-tarpit.patch
+++ b/Remove-tests-that-use-the-tarpit.patch
@ -1,23 +1,27 @@
-From bb1c91432c5e9a1f402692db5c80c65136656afb Mon Sep 17 00:00:00 2001
+From 524cd22fb77e69db9bb3f017bbb1d9782c37b0cd Mon Sep 17 00:00:00 2001
 From: Jeremy Cline <jeremy@jcline.org>
 Date: Tue, 13 Jun 2017 09:08:09 -0400
 Subject: [PATCH] Remove tests that use the tarpit
- 
+
 The latest version of Mock has started using systemd containers. The
 systemd-nspawn command is being run with --private-network, which
 immediately kills connections to something other than localhost. These
 tests depend on the connection not being killed immediately and that
 they are never responded to.
- 
+
 Signed-off-by: Jeremy Cline <jeremy@jcline.org>
 ---
-diff -Naur requests-2.24.0/tests/test_requests.py requests-2/tests/test_requests.py
+ tests/test_requests.py | 25 -------------------------
--- requests-2.24.0/tests/test_requests.py      2020-08-04 18:05:14.250000000 +0800
+ 1 file changed, 25 deletions(-)
-+++ requests-2/tests/test_requests.py   2020-08-04 18:13:19.891000000 +0800
+
-@@ -2188,30 +2188,6 @@
+diff --git a/tests/test_requests.py b/tests/test_requests.py
 index b8350cb..46b7e9e 100755
 --- a/tests/test_requests.py
 +++ b/tests/test_requests.py
@@ -2049,31 +2049,6 @@ class TestTimeout:
         except ReadTimeout:
             pass
-
+ 
 -    @pytest.mark.parametrize(
 -        'timeout', (
 -            (0.1, None),
@ -42,7 +46,10 @@ diff -Naur requests-2.24.0/tests/test_requests.py requests-2/tests/test_requests
 -            pytest.fail('The connect() request should time out.')
 -        except ConnectTimeout:
 -            pass
-
+-
     def test_encoded_methods(self, httpbin):
-         """See: https://github.com/psf/requests/issues/2316"""
+         """See: https://github.com/requests/requests/issues/2316"""
         r = requests.request(b'GET', httpbin('get'))
 -- 
 2.9.4
--- a/backport-CVE-2023-32681.patch
+++ b/backport-CVE-2023-32681.patch
@ -1,62 +0,0 @@
 From 74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5 Mon Sep 17 00:00:00 2001
 From: Nate Prewitt <nate.prewitt@gmail.com>
 Date: Mon, 22 May 2023 08:08:57 -0700
 Subject: [PATCH] Merge pull request from GHSA-j8r2-6x86-q33q
 Reference:https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5
 Conflict:Adaptation Context
 ---
 requests/sessions.py   |  4 +++-
 tests/test_requests.py | 20 ++++++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)
 diff --git a/requests/sessions.py b/requests/sessions.py
 index e8e2d60..6e73925 100644
 --- a/requests/sessions.py
 +++ b/requests/sessions.py
@@ -306,7 +306,9 @@ class SessionRedirectMixin(object):
         except KeyError:
             username, password = None, None
 -        if username and password:
 +        # urllib3 handles proxy authorization for us in the standard adapter.
 +        # Avoid appending this to TLS tunneled requests where it may be leaked.
 +        if not scheme.startswith('https') and username and password:
             headers['Proxy-Authorization'] = _basic_auth_str(username, password)
         return new_proxies
 diff --git a/tests/test_requests.py b/tests/test_requests.py
 index 33880b8..4bf5321 100644
 --- a/tests/test_requests.py
 +++ b/tests/test_requests.py
@@ -551,6 +551,26 @@ class TestRequests:
         with pytest.raises(InvalidProxyURL):
             requests.get(httpbin(), proxies={'http': 'http:///example.com:8080'})
 +
 +    @pytest.mark.parametrize(
 +        "url,has_proxy_auth",
 +        (
 +            ('http://example.com', True),
 +            ('https://example.com', False),
 +        ),
 +    )
 +    def test_proxy_authorization_not_appended_to_https_request(self, url, has_proxy_auth):
 +        session = requests.Session()
 +        proxies = {
 +            'http': 'http://test:pass@localhost:8080',
 +            'https': 'http://test:pass@localhost:8090',
 +        }
 +        req = requests.Request('GET', url)
 +        prep = req.prepare()
 +        session.rebuild_proxies(prep, proxies)
 +
 +        assert ('Proxy-Authorization' in prep.headers) is has_proxy_auth
 +
     def test_basicauth_with_netrc(self, httpbin):
         auth = ('user', 'pass')
         wrong_auth = ('wronguser', 'wrongpass')
 -- 
 2.33.0
--- a/backport-CVE-2024-1682.patch
+++ b/backport-CVE-2024-1682.patch
@ -1,40 +0,0 @@
 From 6106a63eb6c0fa490efa73d44388ac25b1b08af4 Mon Sep 17 00:00:00 2001
 From: Nate Prewitt <nate.prewitt@gmail.com>
 Date: Tue, 20 Feb 2024 11:58:35 -0800
 Subject: [PATCH] Cleanup defunct links from community docs page
 Reference:https://github.com/psf/requests/commit/6106a63eb6c0fa490efa73d44388ac25b1b08af4
 Conflict:NA
 ---
 docs/community/out-there.rst | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)
 diff --git a/docs/community/out-there.rst b/docs/community/out-there.rst
 index c33ab3c95b..c75c71f6a2 100644
 --- a/docs/community/out-there.rst
 +++ b/docs/community/out-there.rst
@@ -1,22 +1,10 @@
 .. image:: https://farm5.staticflickr.com/4239/34450900674_15863ddea0_k_d.jpg
 -Python for iOS
 ---------------
 -
 -Requests is built into the wonderful `Python for iOS <https://itunes.apple.com/us/app/python-2.7-for-ios/id485729872?mt=Python8>`_ runtime!
 -
 -To give it a try, simply::
 -
 -    import requests
 -
 -
 Articles & Talks
 ================
 -- `Python for the Web <https://www.gun.io/blog/python-for-the-web>`_ teaches how to use Python to interact with the web, using Requests.
 - `Daniel Greenfeld's Review of Requests <https://pydanny.blogspot.com/2011/05/python-http-requests-for-humans.html>`_
 -- `My 'Python for Humans' talk <http://python-for-humans.heroku.com>`_ ( `audio <https://codeconf.s3.amazonaws.com/2011/pycodeconf/talks/PyCodeConf2011%20-%20Kenneth%20Reitz.m4a>`_ )
 -- `Issac Kelly's 'Consuming Web APIs' talk <https://issackelly.github.com/Consuming-Web-APIs-with-Python-Talk/slides/slides.html>`_
 +- `Issac Kelly's 'Consuming Web APIs' talk <https://issackelly.github.io/Consuming-Web-APIs-with-Python-Talk/slides/slides.html>`_
 - `Blog post about Requests via Yum <https://arunsag.wordpress.com/2011/08/17/new-package-python-requests-http-for-humans/>`_
 - `Russian blog post introducing Requests <https://habr.com/post/126262/>`_
 - `Sending JSON in Requests <http://www.coglib.com/~icordasc/blog/2014/11/sending-json-in-requests.html>`_
--- a/patch-requests-certs.py-to-use-the-system-CA-bundle.patch
+++ b/patch-requests-certs.py-to-use-the-system-CA-bundle.patch
@ -1,36 +1,26 @@
-From aad5590d5ea47dc54cfd97da54f2640014f7d39d Mon Sep 17 00:00:00 2001
+diff -uNrp a/requests/certs.py b/requests/certs.py
-From: Jeremy Cline <jcline@redhat.com>
+--- a/requests/certs.py	2019-12-20 15:17:38.304000000 +0800
-Date: Thu, 13 Dec 2018 10:55:29 -0500
+++ b/requests/certs.py	2019-12-20 15:25:18.952000000 +0800
-Subject: [PATCH] Patch requests/certs.py to use the system CA bundle
+@@ -11,7 +11,10 @@ If you are packaging Requests, e.g., for
 Signed-off-by: Jeremy Cline <jcline@redhat.com>
 ---
 diff -Naur requests-2.24.0/requests/certs.py requests-1/requests/certs.py
 --- requests-2.24.0/requests/certs.py   2020-08-04 18:05:14.250000000 +0800
 +++ requests-1/requests/certs.py        2020-08-04 18:07:20.652000000 +0800
@@ -10,8 +10,13 @@
 If you are packaging Requests, e.g., for a Linux distribution or a managed
 environment, you can change the definition of where() to return a separately
 packaged CA bundle.
 +
 +This Fedora-patched package returns "/etc/pki/tls/certs/ca-bundle.crt" provided
 +by the ca-certificates RPM package.
 """
 -from certifi import where
 +def where():
 +    """Return the absolute path to the system CA bundle."""
 +    return '/etc/pki/tls/certs/ca-bundle.crt'
-
+
 if __name__ == '__main__':
     print(where())
-diff -Naur requests-2.24.0/setup.py requests-1/setup.py
+diff -uNrp a/setup.py b/setup.py
--- requests-2.24.0/setup.py    2020-08-04 18:05:14.250000000 +0800
+--- a/setup.py	2019-12-20 15:17:38.304000000 +0800
-+++ requests-1/setup.py 2020-08-04 18:07:46.508000000 +0800
+++ b/setup.py	2019-12-20 15:14:39.212000000 +0800
-@@ -45,7 +45,6 @@
+@@ -45,7 +45,6 @@ requires = [
-     'chardet>=3.0.2,<4',
+     'chardet>=3.0.2,<3.1.0',
-     'idna>=2.5,<3',
+     'idna>=2.5,<2.9',
-     'urllib3>=1.21.1,<1.26,!=1.25.0,!=1.25.1',
+     'urllib3>=1.21.1,<1.25',
 -    'certifi>=2017.4.17'
-
+ 
 ]
 test_requirements = [
--- a/python-requests.spec
+++ b/python-requests.spec
@ -1,19 +1,19 @@
 %bcond_with tests
 Name:           python-requests
-Version:        2.24.0
+Version:        2.21.0
-Release:        3
+Release:        4
 Summary:        Python HTTP Library
 License:        ASL 2.0
 URL:            http://python-requests.org/
-Source0:        https://github.com/psf/requests/archive/v%{version}.tar.gz
+Source0:        https://github.com/requests/requests/archive/v%{version}/requests-v%{version}.tar.gz
-Patch1:         requests-2.12.4-tests_nonet.patch
+#These patches are from Redhat
-Patch2:         requests-2.20.0-no-py2-httpbin.patch
+Patch0:         patch-requests-certs.py-to-use-the-system-CA-bundle.patch
-Patch3:         patch-requests-certs.py-to-use-the-system-CA-bundle.patch
+Patch2:         Remove-tests-that-use-the-tarpit.patch
-Patch4:         Remove-tests-that-use-the-tarpit.patch 
+Patch3:         requests-2.12.4-tests_nonet.patch
-Patch6000:      backport-CVE-2023-32681.patch
+Patch4:         Don-t-inject-pyopenssl-into-urllib3.patch
-Patch6001:      backport-CVE-2024-1682.patch
+Patch5:         requests-2.20.0-no-py2-httpbin.patch
 BuildArch:      noarch
@ -114,21 +114,6 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} %{__python3} -m pytest -v
 %doc HISTORY.md README.md
 %changelog
 * Mon Nov 18 2024 zhangpan <zhangpan103@h-partners.com> - 2.24.0-3
 - fix CVE-2024-1682
 * Wed May 31 2023 zhangpan <zhangpan103@h-partners.com> - 2.24.0-2
 - fix CVE-2023-32681
 * Tue Aug 18 2020 jinzhimin <jinzhimin2@huawei.com> - 2.24.0-1
 - update package to 2.24.0
 * Sat Jan 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.21.0-5
 - Type:enhancement
 - ID:NA
 - SUG:NA
 - DESC: delete describe info
 * Fri Dec 20 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.21.0-4
 - Type:bugfix
 - Id:NA
--- a/requests-v2.21.0.tar.gz
+++ b/requests-v2.21.0.tar.gz