python3-requests: Fix functionality break introduced by CVE-2024-35195

CVE-2024-35195 fix in python3-requests breaks docker-py This patch addresses the issue Upstream discussion: requests: psf/requests#6710 docker: docker/docker-py#3256 Fix in python3-pip as it uses vulnerable requests Change-Id: I4a39f6f178b6212c08f08030a22112093763f6fb Reviewed-on: http://photon-gerrit.lvn.broadcom.net/c/photon/+/25188 Reviewed-by: Shreenidhi Shedi <[email protected]> Reviewed-by: Tapas Kundu <[email protected]> Tested-by: gerrit-photon <[email protected]>
vmware · Feb 24, 2025 · 9091021 · 9091021
1 parent 9eeda20
commit 9091021
Show file tree

Hide file tree

Showing 11 changed files with 792 additions and 15 deletions.
diff --git a/SPECS/asciidoc3/asciidoc3.spec b/SPECS/asciidoc3/asciidoc3.spec
@@ -3,7 +3,7 @@
 Summary:        AsciiDoc is a human readable text document format
 Name:           asciidoc3
 Version:        3.2.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        GPLv2+
 URL:            https://gitlab.com/asciidoc3/asciidoc3
 Group:          System Environment/Development
@@ -50,6 +50,8 @@ mv %{buildroot}/asciidoc3 %{buildroot}%{python3_sitelib}
 %{_bindir}/*
 
 %changelog
+* Thu Feb 06 2025 Prashant S Chauhan <[email protected]> 3.2.0-4
+- Bump up release as part of python3-pip upgrade
 * Tue Jan 09 2024 Prashant S Chauhan <[email protected]> 3.2.0-3
 - Add python3-pip as runtime Requires
 * Mon Nov 15 2021 Prashant S Chauhan <[email protected]> 3.2.0-2

diff --git a/SPECS/docker-py/docker-py.spec b/SPECS/docker-py/docker-py.spec
@@ -1,6 +1,6 @@
 Name:           docker-py3
 Version:        6.0.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Python API for docker
 License:        ASL2.0
 Group:          Development/Languages/Python
@@ -11,6 +11,8 @@ URL:            https://github.com/docker/docker-py
 Source0: https://github.com/docker/docker-py/releases/download/%{version}/docker-%{version}.tar.gz
 %define sha512 docker=09edf7b058d38d34d0fe0432b336d6fc494648c0e41cf4ae7f7bbf3db158143ca8fbea87e51d3b354c5f40bd7f1481e003e4b55f879ef562e91f19b62143c271
 
+Patch0: fix-for-requests.patch
+
 BuildRequires: python3-devel
 BuildRequires: python3-ipaddress
 BuildRequires: python3-pip
@@ -30,7 +32,7 @@ Requires: python3
 Requires: docker-pycreds3
 Requires: python3-backports.ssl_match_hostname
 Requires: python3-ipaddress
-Requires: python3-requests
+Requires: python3-requests >= 2.26.0-5
 Requires: python3-six
 Requires: python3-websocket-client
 
@@ -61,6 +63,8 @@ rm -rf %{buildroot}/*
 %{python3_sitelib}/*
 
 %changelog
+* Wed Jan 15 2025 Prashant S Chauhan <[email protected]> 6.0.0-2
+- Fix functionality break introduced by CVE-2024-35195 in python3-requests
 * Mon Oct 24 2022 Shreenidhi Shedi <[email protected]> 6.0.0-1
 - Upgrade to v6.0.0
 * Thu Dec 09 2021 Prashant S Chauhan <[email protected]> 4.3.1-2

diff --git a/SPECS/docker-py/fix-for-requests.patch b/SPECS/docker-py/fix-for-requests.patch
@@ -0,0 +1,18 @@
+From e33e0a437ecd895158c8cb4322a0cdad79312636 Mon Sep 17 00:00:00 2001
+From: Felix Fontein <[email protected]>
+Date: Mon, 20 May 2024 21:13:41 +0200
+Subject: Hotfix for requests 2.32.2+.
+
+diff --git a/docker/transport/basehttpadapter.py b/docker/transport/basehttpadapter.py
+index dfbb193..2301b6b 100644
+--- a/docker/transport/basehttpadapter.py
++++ b/docker/transport/basehttpadapter.py
+@@ -6,3 +6,8 @@ class BaseHTTPAdapter(requests.adapters.HTTPAdapter):
+         super().close()
+         if hasattr(self, 'pools'):
+             self.pools.clear()
++
++    # Fix for requests 2.32.2+:
++    # https://github.com/psf/requests/commit/c98e4d133ef29c46a9b68cd783087218a8075e05
++    def get_connection_with_tls_context(self, request, verify, proxies=None, cert=None):
++        return self.get_connection(request.url, proxies)
diff --git a/SPECS/python-pyudev/python-pyudev.spec b/SPECS/python-pyudev/python-pyudev.spec
@@ -1,12 +1,12 @@
 Summary:        Python binding for libudev
 Name:           python3-pyudev
 Version:        0.22.0
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        GNU Library or Lesser General Public License (LGPL) (LGPL 2.1+)
 Group:          Development/Languages/Python
 URL:            https://pypi.org/project/pyudev
 Source0:        pyudev-%{version}.tar.gz
-%define         sha1 pyudev=1826db6e768153548df20bfd0a3149f5db9f80e7
+%define         sha512 pyudev=a09ed479a54a1772a6af68cb975fef792068c2de3655e20223905bc3f574fd32bd3dbe6b97062eee3ab5f08a8b041ad3ea86dfb68c839ea44e29d65ec1686670
 Vendor:         VMware, Inc.
 Distribution:   Photon
 BuildArch:      noarch
@@ -17,9 +17,8 @@ BuildRequires:  python3-xml
 BuildRequires:  systemd-devel
 Requires:       systemd
 Requires:       python3
-Requires:       python3-pip
 Requires:       python3-six
-%if %{with_check}
+%if 0%{?with_check}
 BuildRequires:  python3-pip
 BuildRequires:  curl-devel
 BuildRequires:  python3-six
@@ -58,7 +57,9 @@ python3 setup.py test
 %{python3_sitelib}/*
 
 %changelog
-*   Thu Dec 09 2021 Prashant S Chauhan <[email protected]> 0.22.0-2
--   Bump up to compile with python 3.10
-*   Thu Mar 19 2020 Tapas Kundu <[email protected]> 0.22.0-1
--   Initial release.
+* Tue Feb 04 2025 Prashant S Chauhan <[email protected]> 0.22.0-3
+- Remove pip from Requires
+* Thu Dec 09 2021 Prashant S Chauhan <[email protected]> 0.22.0-2
+- Bump up to compile with python 3.10
+* Thu Mar 19 2020 Tapas Kundu <[email protected]> 0.22.0-1
+- Initial release.
diff --git a/SPECS/python-requests-unixsocket/fix-for-requests.patch b/SPECS/python-requests-unixsocket/fix-for-requests.patch
@@ -0,0 +1,25 @@
+From 8b02ed531d8def03b4cf767e8a925be09db43dff Mon Sep 17 00:00:00 2001
+From: Simon Deziel <[email protected]>
+Date: Wed, 22 May 2024 12:02:20 -0400
+Subject: [PATCH] adapters: fix for requests 2.32.2+
+
+Signed-off-by: Simon Deziel <[email protected]>
+---
+ requests_unixsocket/adapters.py | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/requests_unixsocket/adapters.py b/requests_unixsocket/adapters.py
+index 83e1400..c3c73cc 100644
+--- a/requests_unixsocket/adapters.py
++++ b/requests_unixsocket/adapters.py
+@@ -63,6 +63,10 @@ def __init__(self, timeout=60, pool_connections=25, *args, **kwargs):
+             pool_connections, dispose_func=lambda p: p.close()
+         )
+
++    # Fix for requests 2.32.2+: https://github.com/psf/requests/pull/6710
++    def get_connection_with_tls_context(self, request, verify, proxies=None, cert=None):
++        return self.get_connection(request.url, proxies)
++
+     def get_connection(self, url, proxies=None):
+         proxies = proxies or {}
+         proxy = proxies.get(urlparse(url.lower()).scheme)
diff --git a/SPECS/python-requests-unixsocket/python-requests-unixsocket.spec b/SPECS/python-requests-unixsocket/python-requests-unixsocket.spec
@@ -2,7 +2,7 @@
 
 Name:           python3-requests-unixsocket
 Version:        0.3.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Use requests to talk HTTP via a UNIX domain socket
 License:        Apache-2
 Url:            https://pypi.org/project/requests-unixsocket
@@ -13,6 +13,8 @@ Distribution:   Photon
 Source0: https://files.pythonhosted.org/packages/c3/ea/0fb87f844d8a35ff0dcc8b941e1a9ffc9eb46588ac9e4267b9d9804354eb/%{srcname}-%{version}.tar.gz
 %define sha512 %{srcname}=21c887b0c3fa526a2debb3960e0ea4dc3b3015cdd517459b6484501176321408d1b4c87dd2840c7d8b71d08fa9114f655ae03f8bc9ff1fca33c914900ef82f5b
 
+Patch0: fix-for-requests.patch
+
 BuildRequires: python3-devel
 BuildRequires: python3-setuptools
 BuildRequires: python3-requests
@@ -23,6 +25,7 @@ BuildRequires: python3-pytest
 %endif
 
 Requires: python3
+Requires: python3-requests >= 2.26.0-5
 
 BuildArch: noarch
 
@@ -53,5 +56,7 @@ rm -rf %{buildroot}/*
 %{python3_sitelib}/*
 
 %changelog
+* Tue Jan 28 2025 Prashant S Chauhan <[email protected]> 0.3.0-2
+- Fix functionality break introduced by CVE-2024-35195 in python3-requests
 * Thu Aug 11 2022 Tapas Kundu <[email protected]> 0.3.0-1
 - Initial addition