From 8600c3ef5adf88a4935f89da8e196e4cb52192e8 Mon Sep 17 00:00:00 2001 From: chenhaxing Date: Tue, 21 Mar 2023 14:27:38 +0800 Subject: [PATCH] backport some patches (cherry picked from commit 68895791717d0fcea74a0aaa3db01856c6e44fac) --- ...ort-Fix-_idna_encode-handling-of-x80.patch | 29 +++++++ ...-value-when-HTTPConnection-is-reused.patch | 75 +++++++++++++++++++ ...acter-from-the-unreserved-characters.patch | 27 +++++++ python-urllib3.spec | 13 +++- 4 files changed, 143 insertions(+), 1 deletion(-) create mode 100644 backport-Fix-_idna_encode-handling-of-x80.patch create mode 100644 backport-Fix-socket-timeout-value-when-HTTPConnection-is-reused.patch create mode 100644 backport-Remove-Exclamation-mark-character-from-the-unreserved-characters.patch diff --git a/backport-Fix-_idna_encode-handling-of-x80.patch b/backport-Fix-_idna_encode-handling-of-x80.patch new file mode 100644 index 0000000..e40e452 --- /dev/null +++ b/backport-Fix-_idna_encode-handling-of-x80.patch @@ -0,0 +1,29 @@ +From a06c05cd4bba292ee26e3e9116cff902e0440b52 Mon Sep 17 00:00:00 2001 +From: Ben Kallus <49924171+kenballus@users.noreply.github.com> +Date: Wed, 8 Feb 2023 15:19:07 +0000 +Subject: [PATCH] Fix _idna_encode handling of '\x80' + +Co-authored-by: Illia Volochii + +Conflict:1.The content of "@@" is adapted 2.The line number is adapted +Reference:https://github.com/urllib3/urllib3/commit/a06c05cd4bba292ee26e3e9116cff902e0440b52 +--- + src/urllib3/util/url.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/urllib3/util/url.py b/src/urllib3/util/url.py +index 63166e8..8bac93a 100644 +--- a/src/urllib3/util/url.py ++++ b/src/urllib3/util/url.py +@@ -300,7 +300,7 @@ def _normalize_host(host, scheme): + + + def _idna_encode(name): +- if name and any([ord(x) > 128 for x in name]): ++ if name and any(ord(x) >= 128 for x in name): + try: + import idna + except ImportError: +-- +2.27.0 + \ No newline at end of file diff --git a/backport-Fix-socket-timeout-value-when-HTTPConnection-is-reused.patch b/backport-Fix-socket-timeout-value-when-HTTPConnection-is-reused.patch new file mode 100644 index 0000000..ea1fadc --- /dev/null +++ b/backport-Fix-socket-timeout-value-when-HTTPConnection-is-reused.patch @@ -0,0 +1,75 @@ +From a7ce8e0881c94800b14687145ee11940246d2b22 Mon Sep 17 00:00:00 2001 +From: Nick Williams <68963309+nickwilliams-zaxiom@users.noreply.github.com> +Date: Fri, 20 Jan 2023 07:59:33 -0600 +Subject: [PATCH] [1.26] Fix socket timeout value when HTTPConnection is reused + +Co-authored-by: Seth Michael Larson +Co-authored-by: Quentin Pradet + +Conflict:1.The content of "@@" is adapted 2.The line number is adapted 3. no add testcode +Reference:https://github.com/urllib3/urllib3/commit/a7ce8e0881c94800b14687145ee11940246d2b22 +--- + src/urllib3/connection.py | 5 +++++ + src/urllib3/connectionpool.py | 2 +- + src/urllib3/util/timeout.py | 9 ++++++--- + 3 files changed, 12 insertions(+), 4 deletions(-) + +diff --git a/src/urllib3/connection.py b/src/urllib3/connection.py +index f48daea..f121511 100644 +--- a/src/urllib3/connection.py ++++ b/src/urllib3/connection.py +@@ -229,6 +229,11 @@ class HTTPConnection(_HTTPConnection, object): + ) + + def request(self, method, url, body=None, headers=None): ++ # Update the inner socket's timeout value to send the request. ++ # This only triggers if the connection is re-used. ++ if getattr(self, "sock", None) is not None: ++ self.sock.settimeout(self.timeout) ++ + if headers is None: + headers = {} + else: +diff --git a/src/urllib3/connectionpool.py b/src/urllib3/connectionpool.py +index 8dccf4b..e528019 100644 +--- a/src/urllib3/connectionpool.py ++++ b/src/urllib3/connectionpool.py +@@ -375,7 +375,7 @@ class HTTPConnectionPool(ConnectionPool, RequestMethods): + + timeout_obj = self._get_timeout(timeout) + timeout_obj.start_connect() +- conn.timeout = timeout_obj.connect_timeout ++ conn.timeout = Timeout.resolve_default_timeout(timeout_obj.connect_timeout) + + # Trigger any extra validation we need to do. + try: +diff --git a/src/urllib3/util/timeout.py b/src/urllib3/util/timeout.py +index ff69593..78e18a6 100644 +--- a/src/urllib3/util/timeout.py ++++ b/src/urllib3/util/timeout.py +@@ -2,9 +2,8 @@ from __future__ import absolute_import + + import time + +-# The default socket timeout, used by httplib to indicate that no timeout was +-# specified by the user +-from socket import _GLOBAL_DEFAULT_TIMEOUT ++# The default socket timeout, used by httplib to indicate that no timeout was; specified by the user ++from socket import _GLOBAL_DEFAULT_TIMEOUT, getdefaulttimeout + + from ..exceptions import TimeoutStateError + +@@ -116,6 +115,10 @@ class Timeout(object): + # __str__ provided for backwards compatibility + __str__ = __repr__ + ++ @classmethod ++ def resolve_default_timeout(cls, timeout): ++ return getdefaulttimeout() if timeout is cls.DEFAULT_TIMEOUT else timeout ++ + @classmethod + def _validate_timeout(cls, value, name): + """Check that a timeout attribute is valid. +-- +2.27.0 + \ No newline at end of file diff --git a/backport-Remove-Exclamation-mark-character-from-the-unreserved-characters.patch b/backport-Remove-Exclamation-mark-character-from-the-unreserved-characters.patch new file mode 100644 index 0000000..5bd2301 --- /dev/null +++ b/backport-Remove-Exclamation-mark-character-from-the-unreserved-characters.patch @@ -0,0 +1,27 @@ +From 27370204dbcb2ee555a136948afee276a96ddc87 Mon Sep 17 00:00:00 2001 +From: Ben Kallus <49924171+kenballus@users.noreply.github.com> +Date: Fri, 3 Feb 2023 08:38:04 -0500 +Subject: [PATCH] [1.26] Remove "!" character from the "unreserved" characters + in IPv6 Zone ID parsing + +Conflict:The content of "index" and "@@" are adapted +Reference:https://github.com/urllib3/urllib3/commit/27370204dbcb2ee555a136948afee276a96ddc87 +--- + src/urllib3/util/url.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/urllib3/util/url.py b/src/urllib3/util/url.py +index 63166e8..33dfb45 100644 +--- a/src/urllib3/util/url.py ++++ b/src/urllib3/util/url.py +@@ -50,7 +50,7 @@ _variations = [ + "(?:(?:%(hex)s:){0,6}%(hex)s)?::", + ] + +-UNRESERVED_PAT = r"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._!\-~" ++UNRESERVED_PAT = r"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._\-~" + IPV6_PAT = "(?:" + "|".join([x % _subs for x in _variations]) + ")" + ZONE_ID_PAT = "(?:%25|%)(?:[" + UNRESERVED_PAT + "]|%[a-fA-F0-9]{2})+" + IPV6_ADDRZ_PAT = r"\[" + IPV6_PAT + r"(?:" + ZONE_ID_PAT + r")?\]" +-- +2.27.0 diff --git a/python-urllib3.spec b/python-urllib3.spec index be7fca4..1e9ec0b 100644 --- a/python-urllib3.spec +++ b/python-urllib3.spec @@ -3,7 +3,7 @@ Name: python-%{srcname} Version: 1.26.12 -Release: 3 +Release: 4 Summary: Sanity-friendly HTTP client for Python License: MIT URL: https://urllib3.readthedocs.io @@ -14,6 +14,9 @@ Patch0001: remove_mock.patch Patch6000: backport-CVE-2021-28363.patch Patch6001: backport-strip-leading-zeros-form-ports.patch Patch6002: backport-fixed-issue-with-port-0-returning-None.patch +Patch6003: backport-Fix-socket-timeout-value-when-HTTPConnection-is-reused.patch +Patch6004: backport-Remove-Exclamation-mark-character-from-the-unreserved-characters.patch +Patch6005: backport-Fix-_idna_encode-handling-of-x80.patch BuildArch: noarch @@ -79,6 +82,14 @@ PYTHONPATH=%{buildroot}%{python3_sitelib}:%{python3_sitelib} %{__python3} -m pyt %{python3_sitelib}/urllib3-*.egg-info %changelog +* Tue Mar 21 2023 chenhaixing - 1.26.12-4 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:fix socket timeout value when HTTPConnect is reused + remove Exclamation mark character from the unreserved characters + fix _idna_encode handling of x80 + * Fri Feb 10 2023 chenhaixing - 1.26.12-3 - Type:bugfix - CVE:NA -- Gitee