From 646a9b1dc84ac9e8848c83fcc11c3cb40b57fc39 Mon Sep 17 00:00:00 2001
From: chengyechun
Date: Tue, 1 Aug 2023 17:13:02 +0800
Subject: [PATCH] delete the patch
---
 backport-CVE-2021-28363.patch | 93 -----------------------------------
 python-urllib3.spec | 9 +++-
 2 files changed, 7 insertions(+), 95 deletions(-)
 delete mode 100644 backport-CVE-2021-28363.patch
diff --git a/backport-CVE-2021-28363.patch b/backport-CVE-2021-28363.patch
deleted file mode 100644
index 25920e9..0000000
--- a/backport-CVE-2021-28363.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From 8d65ea1ecf6e2cdc27d42124e587c1b83a3118b0 Mon Sep 17 00:00:00 2001
-From: Jorge
-Date: Mon, 15 Mar 2021 06:49:49 -0700
-Subject: [PATCH] Merge pull request from GHSA-5phf-pp7p-vc2r
-
-* Enable hostname verification for HTTPS proxies with default cert.
-
-Signed-off-by: Jorge Lopez Silva
-
-* Adjust exception check for Python 3.9+
-
-Signed-off-by: Jorge Lopez Silva
-
-* Use a SAN instead of a common name.
-
-Signed-off-by: Jorge Lopez Silva
----
- src/urllib3/connection.py | 4 ++++
- test/conftest.py | 11 ++++++++++
- .../test_proxy_poolmanager.py | 20 +++++++++++++++++++
- 3 files changed, 35 insertions(+)
-
-diff --git a/src/urllib3/connection.py b/src/urllib3/connection.py
-index 60f70f7..f59f29b 100644
---- a/src/urllib3/connection.py
-+++ b/src/urllib3/connection.py
-@@ -495,6 +495,10 @@ class HTTPSConnection(HTTPConnection):
- self.ca_cert_dir,
- self.ca_cert_data,
- )
-+ # By default urllib3's SSLContext disables `check_hostname` and uses
-+ # a custom check. For proxies we're good with relying on the default
-+ # verification.
-+ ssl_context.check_hostname = True
-
- # If no cert was provided, use only the default options for server
- # certificate validation
-diff --git a/test/conftest.py b/test/conftest.py
-index 10c3a54..d4bbd97 100644
---- a/test/conftest.py
-+++ b/test/conftest.py
-@@ -103,6 +103,17 @@ def no_san_server(tmp_path_factory):
- yield cfg
-
-
-+@pytest.fixture
-+def no_localhost_san_server(tmp_path_factory):
-+ tmpdir = tmp_path_factory.mktemp("certs")
-+ ca = trustme.CA()
-+ # non localhost common name
-+ server_cert = ca.issue_cert(u"example.com")
-+
-+ with run_server_in_thread("https", "localhost", tmpdir, ca, server_cert) as cfg:
-+ yield cfg
-+
-+
- @pytest.fixture
- def no_san_proxy(tmp_path_factory):
- tmpdir = tmp_path_factory.mktemp("certs")
-diff --git a/test/with_dummyserver/test_proxy_poolmanager.py b/test/with_dummyserver/test_proxy_poolmanager.py
-index d5e91a0..0f8df60 100644
---- a/test/with_dummyserver/test_proxy_poolmanager.py
-+++ b/test/with_dummyserver/test_proxy_poolmanager.py
-@@ -565,6 +565,26 @@ class TestIPv6HTTPProxyManager(IPv6HTTPDummyProxyTestCase):
- r = http.request("GET", "%s/" % self.https_url)
- assert r.status == 200
-
-+class TestHTTPSProxyVerification:
-+ @onlyPy3
-+ def test_https_proxy_hostname_verification(self, no_localhost_san_server):
-+ bad_server = no_localhost_san_server
-+ bad_proxy_url = "https://%s:%s" % (bad_server.host, bad_server.port)
-+
-+ # An exception will be raised before we contact the destination domain.
-+ test_url = "testing.com"
-+ with proxy_from_url(bad_proxy_url, ca_certs=bad_server.ca_certs) as https:
-+ with pytest.raises(MaxRetryError) as e:
-+ https.request("GET", "http://%s/" % test_url)
-+ assert isinstance(e.value.reason, SSLError)
-+ assert "hostname 'localhost' doesn't match" in str(e.value.reason)
-+
-+ with pytest.raises(MaxRetryError) as e:
-+ https.request("GET", "https://%s/" % test_url)
-+ assert isinstance(e.value.reason, SSLError)
-+ assert "hostname 'localhost' doesn't match" in str(
-+ e.value.reason
-+ ) or "Hostname mismatch" in str(e.value.reason)
-
- class TestHTTPSProxyVerification:
- @onlyPy3
---
-2.27.0
-
diff --git a/python-urllib3.spec b/python-urllib3.spec
index 8eb46fa..1349aae 100644
--- a/python-urllib3.spec
+++ b/python-urllib3.spec
@@ -3,7 +3,7 @@ Name: python-%{srcname} Version: 1.26.16 -Release: 1 +Release: 2 Summary: Sanity-friendly HTTP client for Python License: MIT URL: https://urllib3.readthedocs.io
@@ -11,7 +11,6 @@ Source0: https://github.com/urllib3/urllib3/archive/refs/tags/%{version}. Source1: ssl_match_hostname_py3.py Patch0001: remove_mock.patch -Patch6000: backport-CVE-2021-28363.patch BuildArch: noarch
@@ -77,6 +76,12 @@ PYTHONPATH=%{buildroot}%{python3_sitelib}:%{python3_sitelib} %{__python3} -m pyt %{python3_sitelib}/urllib3-*.egg-info %changelog +* Tue Aug 01 2023 chengyechun - 1.26.16-2 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:delete the unnecessary patch + * Mon Jul 31 2023 chengyechun - 1.26.16-1 - Type:enhancement - CVE:NA -- Gitee