diff --git a/backport-Change-TARPIT_HOST-to-detect-isolated-network.patch b/backport-Change-TARPIT_HOST-to-detect-isolated-network.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f8581727041c58ffaaae5e6d38b49773e0bd0056
--- /dev/null
+++ b/backport-Change-TARPIT_HOST-to-detect-isolated-network.patch
@@ -0,0 +1,31 @@
+From 7a4a7a1ae01f9ff848b62dfa663703a1ac8b88fd Mon Sep 17 00:00:00 2001
+From: hodbn
+Date: Fri, 24 Apr 2020 05:50:14 -0700
+Subject: [PATCH] [1.25] Change TARPIT_HOST to detect isolated network (#1862)
+
+---
+ test/__init__.py | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/test/__init__.py b/test/__init__.py
+index 2f6db2e041..01f02738d0 100644
+--- a/test/__init__.py
++++ b/test/__init__.py
+@@ -19,8 +19,14 @@
+ from urllib3.util import ssl_
+
+ # We need a host that will not immediately close the connection with a TCP
+-# Reset. SO suggests this hostname
+-TARPIT_HOST = "10.255.255.1"
++# Reset.
++if platform.system() == "Windows":
++ # Reserved loopback subnet address
++ TARPIT_HOST = "127.0.0.0"
++else:
++ # Reserved internet scoped address
++ # https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
++ TARPIT_HOST = "240.0.0.0"
+
+ # (Arguments for socket, is it IPv6 address?)
+ VALID_SOURCE_ADDRESSES = [(("::1", 0), True), (("127.0.0.1", 0), False)]
+
diff --git a/backport-Do-not-insert-None-into-ConnectionPool-if-it-was-empty.patch b/backport-Do-not-insert-None-into-ConnectionPool-if-it-was-empty.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1606b9ad8daa1163512ef672aae8b3df4040f256
--- /dev/null
+++ b/backport-Do-not-insert-None-into-ConnectionPool-if-it-was-empty.patch
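Review bot: The new `if platform.system() == "Windows":` line in test/__init__.py needs `platform` in scope, and the import block sits above line 19, outside this hunk, so it is worth confirming that the 1.25.9 tree this backport is applied to already has `import platform` there; if it does not, the test package would presumably fail at import. Separately, the two branch comments name the address ranges but not why Windows gets `127.0.0.0` while other platforms get `240.0.0.0`. A one-line reason on the Windows branch, for example `# Windows: 240.0.0.0 is not usable as a tarpit here (reason: <confirm against upstream #1862>)`, would keep the next packager from unifying the two values.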
@@ -0,0 +1,67 @@
+From 57afd5937c37862cfaa8d06c43e51eb06cb907e1 Mon Sep 17 00:00:00 2001
+From: hodbn
+Date: Tue, 28 Apr 2020 05:57:16 -0700
+Subject: [PATCH] [1.25] Don't insert 'None' into ConnectionPool if it was
+ empty
+
+---
+ src/urllib3/connectionpool.py | 8 +++++---
+ test/test_connectionpool.py | 11 ++++++++++-
+ 2 files changed, 15 insertions(+), 4 deletions(-)
+
+diff --git a/src/urllib3/connectionpool.py b/src/urllib3/connectionpool.py
+index 5f044dbd90..174fe6c2e1 100644
+--- a/src/urllib3/connectionpool.py
++++ b/src/urllib3/connectionpool.py
+@@ -698,9 +698,11 @@ def urlopen(
+ # Everything went great!
+ clean_exit = True
+
+- except queue.Empty:
+- # Timed out by queue.
+- raise EmptyPoolError(self, "No pool connections are available.")
++ except EmptyPoolError:
++ # Didn't get a connection from the pool, no need to clean up
++ clean_exit = True
++ release_this_conn = False
++ raise
+
+ except (
+ TimeoutError,
+diff --git a/test/test_connectionpool.py b/test/test_connectionpool.py
+index 3cd215304f..615fdfc0c1 100644
+--- a/test/test_connectionpool.py
++++ b/test/test_connectionpool.py
+@@ -2,6 +2,7 @@
+
+ import ssl
+ import pytest
++from mock import Mock
+
+ from urllib3.connectionpool import (
+ connection_from_url,
+@@ -279,7 +280,6 @@ def _test(exception, expect, reason=None):
+
+ # Make sure that all of the exceptions return the connection
+ # to the pool
+- _test(Empty, EmptyPoolError)
+ _test(BaseSSLError, MaxRetryError, SSLError)
+ _test(CertificateError, MaxRetryError, SSLError)
+
+@@ -292,6 +292,15 @@ def _test(exception, expect, reason=None):
+ pool.request("GET", "/", retries=1, pool_timeout=SHORT_TIMEOUT)
+ assert pool.pool.qsize() == POOL_SIZE
+
++ def test_empty_does_not_put_conn(self):
++ """Do not put None back in the pool if the pool was empty"""
++
++ with HTTPConnectionPool(host="localhost", maxsize=1, block=True) as pool:
++ pool._get_conn = Mock(side_effect=EmptyPoolError(pool, "Pool is empty"))
++ pool._put_conn = Mock(side_effect=AssertionError("Unexpected _put_conn"))
++ with pytest.raises(EmptyPoolError):
++ pool.request("GET", "/")
++
+ def test_assert_same_host(self):
+ with connection_from_url("http://google.com:80") as c:
+ with pytest.raises(HostChangedError):
+
diff --git a/python-urllib3.spec b/python-urllib3.spec
index 790ef19ca2b5523dba03bf8bbfc68347ad3b2589..25d136afd73fd92fe37f6a2434498a19a0f17e27 100644
--- a/python-urllib3.spec
+++ b/python-urllib3.spec
@@ -3,7 +3,7 @@ Name: python-%{srcname} Version: 1.25.9 -Release: 3 +Release: 4 Summary: Sanity-friendly HTTP client for Python License: MIT URL: https://urllib3.readthedocs.io
@@ -13,6 +13,8 @@ Source1: ssl_match_hostname_py3.py BuildArch: noarch Patch0000: set-RECENT_DATE-not-be-older-than-2-years.patch Patch6000: backport-CVE-2021-33503.patch +Patch6001: backport-Change-TARPIT_HOST-to-detect-isolated-network.patch +Patch6002: backport-Do-not-insert-None-into-ConnectionPool-if-it-was-empty.patch %global _description \ HTTP library with thread-safe connection pooling, file post support,\
@@ -110,13 +112,19 @@ PYTHONPATH=%{buildroot}%{python3_sitelib}:%{python3_sitelib} %{__python3} -m pyt %{python3_sitelib}/urllib3-*.egg-info %changelog -* Mon 05 Jul 2021 zhanzhimin - 1.25.9-3 +* Mon Nov 22 2021 zhuqingfu - 1.25.9-4 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:do not insert none into connectionpool when it is empty + +* Mon Jul 05 2021 zhanzhimin - 1.25.9-3 - fix CVE-2021-33503 -* Mon 24 May 2021 sunguoshuai - 1.25.9-2 +* Mon May 24 2021 sunguoshuai - 1.25.9-2 - fix check error by set RECENT_DATE -* Wed 25 Nov 2020 leiju - 1.25.9-1 +* Wed Nov 25 2020 leiju - 1.25.9-1 - upgrade to 1.25.9 * Sat Oct 26 2019 openEuler Buildteam - 1.24.3-2
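Review bot: The new `except EmptyPoolError:` branch in `urlopen` assumes that no connection is held when the exception arrives, since it sets `clean_exit = True` and `release_this_conn = False` so that the cleanup after the try (outside this hunk) neither closes nor returns anything. That holds when the error comes from `_get_conn`, but if any later statement in the try body raised EmptyPoolError after a connection had been checked out, that connection would presumably be neither closed nor returned to the pool, and a bounded pool would slowly lose capacity. The existing comment could state the assumption outright, e.g. `# Only _get_conn() is expected to raise EmptyPoolError, so no connection is held here`. The handler also no longer catches `queue.Empty`, and the `_test(Empty, EmptyPoolError)` case is removed, so the translation of a queue timeout into EmptyPoolError now rests on code not shown in this patch and has no test visible here. The new test imports `from mock import Mock`, so the spec's build requirements (not shown in the spec hunks) need to provide `mock` for %check.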