kevin pushed to python-httplib2 (master). "- Add patch to fix http over proxy. Fixes bug #857514 (..more)"
notifications at fedoraproject.org
notifications at fedoraproject.org
Fri Apr 3 19:27:17 UTC 2015
>From 2ddc623a079376dc8ad24b2b5153919a8a724686 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin at scrye.com>
Date: Fri, 3 Apr 2015 13:26:39 -0600
Subject: - Add patch to fix http over proxy. Fixes bug #857514 - Add patch to
fix CVE-2013-2037. Fixes bug #958640 - Add patch to fix binary headers in
python3. Fixes bug #1205127
diff --git a/python-httplib2-0.9-binary-header-python3.patch b/python-httplib2-0.9-binary-header-python3.patch
new file mode 100644
index 0000000..f761e4c
--- /dev/null
+++ b/python-httplib2-0.9-binary-header-python3.patch
@@ -0,0 +1,59 @@
+From 93ba12c7d7483af5374ba5f0e62a46ddc5e1ffe2 Mon Sep 17 00:00:00 2001
+From: i026e <klev.paul at gmail.com>
+Date: Wed, 17 Dec 2014 11:25:07 +0300
+Subject: [PATCH 1/2] Update __init__.py
+
+There is a problem with headers when a binary string is passed (like b'Authorization')
+I've added a function to decode such strings.
+It is not an elegant solution, but it works for me
+---
+ python3/httplib2/__init__.py | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/python3/httplib2/__init__.py b/python3/httplib2/__init__.py
+index 43f7419..b7b00b1 100644
+--- a/python3/httplib2/__init__.py
++++ b/python3/httplib2/__init__.py
+@@ -192,8 +192,13 @@ def safename(filename):
+
+ NORMALIZE_SPACE = re.compile(r'(?:\r\n)?[ \t]+')
+ def _normalize_headers(headers):
+- return dict([ (key.lower(), NORMALIZE_SPACE.sub(value, ' ').strip()) for (key, value) in headers.items()])
++ return dict([ (_convert_byte_str(key).lower(), NORMALIZE_SPACE.sub(_convert_byte_str(value), ' ').strip()) for (key, value) in headers.items()])
+
++def _convert_byte_str(s):
++ if not isinstance(s, str):
++ return str(s, 'utf-8')
++ return s
++
+ def _parse_cache_control(headers):
+ retval = {}
+ if 'cache-control' in headers:
+
+From 1cf37bd8f5ddc8ac629b07031f7c5341840b5b7e Mon Sep 17 00:00:00 2001
+From: Cristobal <cganterh at gmail.com>
+Date: Mon, 2 Mar 2015 21:00:03 -0300
+Subject: [PATCH 2/2] Added unit test for _convert_byte_str in
+ python3/httplib2test.py.
+
+---
+ python3/httplib2test.py | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/python3/httplib2test.py b/python3/httplib2test.py
+index 5f786bd..246956a 100755
+--- a/python3/httplib2test.py
++++ b/python3/httplib2test.py
+@@ -1235,6 +1235,12 @@ def testNormalizeHeaders(self):
+ self.assertTrue('cache-control' in h)
+ self.assertTrue('other' in h)
+ self.assertEqual('Stuff', h['other'])
++
++ def testConvertByteStr(self):
++ with self.assertRaises(TypeError):
++ httplib2._convert_byte_str(4)
++ self.assertEqual('Hello World', httplib2._convert_byte_str(b'Hello World'))
++ self.assertEqual('Bye World', httplib2._convert_byte_str('Bye World'))
+
+ def testExpirationModelTransparent(self):
+ # Test that no-cache makes our request TRANSPARENT
diff --git a/python-httplib2-0.9-cve-2013-2037.patch b/python-httplib2-0.9-cve-2013-2037.patch
new file mode 100644
index 0000000..6a09337
--- /dev/null
+++ b/python-httplib2-0.9-cve-2013-2037.patch
@@ -0,0 +1,21 @@
+diff -Nur httplib2-0.9.orig/python2/httplib2/__init__.py httplib2-0.9/python2/httplib2/__init__.py
+--- httplib2-0.9.orig/python2/httplib2/__init__.py 2015-04-03 13:10:43.401035131 -0600
++++ httplib2-0.9/python2/httplib2/__init__.py 2015-04-03 13:10:08.470685647 -0600
+@@ -1042,7 +1042,7 @@
+ raise CertificateHostnameMismatch(
+ 'Server presented certificate that does not match '
+ 'host %s: %s' % (hostname, cert), hostname, cert)
+- except ssl_SSLError, e:
++ except (ssl_SSLError, CertificateHostnameMismatch), e:
+ if sock:
+ sock.close()
+ if self.sock:
+@@ -1052,7 +1052,7 @@
+ # to get at more detailed error information, in particular
+ # whether the error is due to certificate validation or
+ # something else (such as SSL protocol mismatch).
+- if e.errno == ssl.SSL_ERROR_SSL:
++ if hasattr(e, 'errno') and e.errno == ssl.SSL_ERROR_SSL:
+ raise SSLHandshakeError(e)
+ else:
+ raise
diff --git a/python-httplib2-0.9-proxy-http.patch b/python-httplib2-0.9-proxy-http.patch
new file mode 100644
index 0000000..0d55002
--- /dev/null
+++ b/python-httplib2-0.9-proxy-http.patch
@@ -0,0 +1,16 @@
+diff -Nur httplib2-0.9.orig/python2/httplib2/__init__.py httplib2-0.9/python2/httplib2/__init__.py
+--- httplib2-0.9.orig/python2/httplib2/__init__.py 2015-04-03 12:56:04.834370332 -0600
++++ httplib2-0.9/python2/httplib2/__init__.py 2015-04-03 12:58:16.441925454 -0600
+@@ -838,7 +838,11 @@
+ else:
+ port = dict(https=443, http=80)[method]
+
+- proxy_type = 3 # socks.PROXY_TYPE_HTTP
++ if method == 'http':
++ proxy_type = 4 # socks.PROXY_TYPE_HTTP_NO_TUNNEL
++ else:
++ proxy_type = 3 # socks.PROXY_TYPE_HTTP
++
+ return ProxyInfo(
+ proxy_type = proxy_type,
+ proxy_host = host,
diff --git a/python-httplib2.spec b/python-httplib2.spec
index b0a661c..8854c62 100644
--- a/python-httplib2.spec
+++ b/python-httplib2.spec
@@ -10,7 +10,7 @@
Name: python-httplib2
Version: 0.9
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: A comprehensive HTTP client library
Group: System Environment/Libraries
License: MIT
@@ -22,6 +22,23 @@ Source0: https://pypi.python.org/packages/source/h/httplib2/httplib2-%{ve
Patch1: %{name}.certfile.patch
Patch2: %{name}.getCertHost.patch
Patch3: %{name}.rfc2459.patch
+#
+# Fix proxy with plain http
+# https://bugzilla.redhat.com/show_bug.cgi?id=857514
+# https://github.com/jcgregorio/httplib2/issues/228
+#
+Patch4: python-httplib2-0.9-proxy-http.patch
+#
+# Fix for python2 invalid ssl cert hostname on second run
+# https://bugzilla.redhat.com/show_bug.cgi?id=958638
+#
+Patch5: python-httplib2-0.9-cve-2013-2037.patch
+#
+# Fix binary header handling in python3
+# https://github.com/jcgregorio/httplib2/pull/296
+#
+Patch6: python-httplib2-0.9-binary-header-python3.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: python-setuptools
BuildRequires: python-devel
@@ -50,6 +67,9 @@ other HTTP libraries.
%patch1 -p1 -b .certfile
%patch2 -p0 -b .getCertHost
%patch3 -p0 -b .rfc2459
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
%if 0%{?with_python3}
rm -rf %{py3dir}
@@ -90,6 +110,11 @@ rm -rf $RPM_BUILD_ROOT
%endif # with_python3
%changelog
+* Fri Apr 03 2015 Kevin Fenzi <kevin at scrye.com> 0.9-6
+- Add patch to fix http over proxy. Fixes bug #857514
+- Add patch to fix CVE-2013-2037. Fixes bug #958640
+- Add patch to fix binary headers in python3. Fixes bug #1205127
+
* Mon Jan 12 2015 Adam Williamson <awilliam at redhat.com> - 0.9-5
- certfile.patch: use /etc/pki/tls not /etc/ssl/certs, patch python3 too
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/python-httplib2.git/commit/?h=master&id=2ddc623a079376dc8ad24b2b5153919a8a724686
More information about the scm-commits
mailing list