From 591097779456b787a5a14286690d5ebbd877b95b Mon Sep 17 00:00:00 2001
From: doupengda
Date: Tue, 16 Jul 2024 15:59:40 +0800
Subject: [PATCH] Update to 2.32.3

---
 CVE-2023-32681.patch | 56 ------------------
 CVE-2024-35195.patch | 138 -------------------------------------------
 python-requests.spec | 16 +++--
 sources | 2 +-
 4 files changed, 8 insertions(+), 204 deletions(-)
 delete mode 100644 CVE-2023-32681.patch
 delete mode 100644 CVE-2024-35195.patch

diff --git a/CVE-2023-32681.patch b/CVE-2023-32681.patch
deleted file mode 100644
index 2b4cd79..0000000
--- a/CVE-2023-32681.patch
+++ /dev/null
@@ -1,56 +0,0 @@ -From 74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5 Mon Sep 17 00:00:00 2001 -From: Nate Prewitt -Date: Mon, 22 May 2023 08:08:57 -0700 -Subject: [PATCH] Merge pull request from GHSA-j8r2-6x86-q33q - ---- - requests/sessions.py | 4 +++- - tests/test_requests.py | 20 ++++++++++++++++++++ - 2 files changed, 23 insertions(+), 1 deletion(-) - -diff --git a/requests/sessions.py b/requests/sessions.py -index 6cb3b4dae3..dbcf2a7b0e 100644 ---- a/requests/sessions.py -+++ b/requests/sessions.py -@@ -324,7 +324,9 @@ def rebuild_proxies(self, prepared_request, proxies): - except KeyError: - username, password = None, None - -- if username and password: -+ # urllib3 handles proxy authorization for us in the standard adapter. -+ # Avoid appending this to TLS tunneled requests where it may be leaked. -+ if not scheme.startswith('https') and username and password: - headers["Proxy-Authorization"] = _basic_auth_str(username, password) - - return new_proxies -diff --git a/tests/test_requests.py b/tests/test_requests.py -index b1c8dd4534..b420c44d73 100644 ---- a/tests/test_requests.py -+++ b/tests/test_requests.py -@@ -647,6 +647,26 @@ def test_proxy_authorization_preserved_on_request(self, httpbin): - - assert sent_headers.get("Proxy-Authorization") == proxy_auth_value - -+ -+ @pytest.mark.parametrize( -+ "url,has_proxy_auth", -+ ( -+ ('http://example.com', True), -+ ('https://example.com', False), -+ ), -+ ) -+ def test_proxy_authorization_not_appended_to_https_request(self, url, has_proxy_auth): -+ session = requests.Session() -+ proxies = { -+ 'http': 'http://test:pass@localhost:8080', -+ 'https': 'http://test:pass@localhost:8090', -+ } -+ req = requests.Request('GET', url) -+ prep = req.prepare() -+ session.rebuild_proxies(prep, proxies) -+ -+ assert ('Proxy-Authorization' in prep.headers) is has_proxy_auth -+ - def test_basicauth_with_netrc(self, httpbin): - auth = ("user", "pass") - wrong_auth = ("wronguser", "wrongpass") 
diff --git a/CVE-2024-35195.patch b/CVE-2024-35195.patch
deleted file mode 100644
index 48b453d..0000000
--- a/CVE-2024-35195.patch
+++ /dev/null
@@ -1,138 +0,0 @@ -From 134fc4d05ee78b3a32c5e0fec469af194fefd96a Mon Sep 17 00:00:00 2001 -From: Ian Stapleton Cordasco -Date: Fri, 24 May 2024 11:22:34 +0800 -Subject: [PATCH] Use TLS settings in selecting connection pool - ---- - requests/adapters.py | 58 +++++++++++++++++++++++++++++++++++++++++- - tests/test_requests.py | 7 +++++ - tox.ini | 2 +- - 3 files changed, 65 insertions(+), 2 deletions(-) - -diff --git a/requests/adapters.py b/requests/adapters.py -index d3b2d5b..0e5cf7c 100644 ---- a/requests/adapters.py -+++ b/requests/adapters.py -@@ -8,6 +8,7 @@ and maintain connections. - - import os.path - import socket # noqa: F401 -+import typing - - from urllib3.exceptions import ClosedPoolError, ConnectTimeoutError - from urllib3.exceptions import HTTPError as _HTTPError -@@ -62,12 +63,38 @@ except ImportError: - raise InvalidSchema("Missing dependencies for SOCKS support.") - - -+if typing.TYPE_CHECKING: -+ from .models import PreparedRequest -+ -+ - DEFAULT_POOLBLOCK = False - DEFAULT_POOLSIZE = 10 - DEFAULT_RETRIES = 0 - DEFAULT_POOL_TIMEOUT = None - - -+def _urllib3_request_context( -+ request: "PreparedRequest", verify: "bool | str | None" -+) -> "(typing.Dict[str, typing.Any], typing.Dict[str, typing.Any])": -+ host_params = {} -+ pool_kwargs = {} -+ parsed_request_url = urlparse(request.url) -+ scheme = parsed_request_url.scheme.lower() -+ port = parsed_request_url.port -+ cert_reqs = "CERT_REQUIRED" -+ if verify is False: -+ cert_reqs = "CERT_NONE" -+ if isinstance(verify, str): -+ pool_kwargs["ca_certs"] = verify -+ pool_kwargs["cert_reqs"] = cert_reqs -+ host_params = { -+ "scheme": scheme, -+ "host": parsed_request_url.hostname, -+ "port": port, -+ } -+ return host_params, pool_kwargs -+ -+ - class BaseAdapter: - """The Base Transport Adapter""" - -@@ -330,6 +357,35 @@ class HTTPAdapter(BaseAdapter): - - return response - -+ def _get_connection(self, request, verify, proxies=None): -+ # Replace the existing get_connection without breaking things 
and -+ # ensure that TLS settings are considered when we interact with -+ # urllib3 HTTP Pools -+ proxy = select_proxy(request.url, proxies) -+ try: -+ host_params, pool_kwargs = _urllib3_request_context(request, verify) -+ except ValueError as e: -+ raise InvalidURL(e, request=request) -+ if proxy: -+ proxy = prepend_scheme_if_needed(proxy, "http") -+ proxy_url = parse_url(proxy) -+ if not proxy_url.host: -+ raise InvalidProxyURL( -+ "Please check proxy URL. It is malformed " -+ "and could be missing the host." -+ ) -+ proxy_manager = self.proxy_manager_for(proxy) -+ conn = proxy_manager.connection_from_host( -+ **host_params, pool_kwargs=pool_kwargs -+ ) -+ else: -+ # Only scheme should be lower case -+ conn = self.poolmanager.connection_from_host( -+ **host_params, pool_kwargs=pool_kwargs -+ ) -+ -+ return conn -+ - def get_connection(self, url, proxies=None): - """Returns a urllib3 connection for the given URL. This should not be - called from user code, and is only exposed for use when subclassing the -@@ -453,7 +509,7 @@ class HTTPAdapter(BaseAdapter): - """ - - try: -- conn = self.get_connection(request.url, proxies) -+ conn = self._get_connection(request, verify, proxies) - except LocationValueError as e: - raise InvalidURL(e, request=request) - -diff --git a/tests/test_requests.py b/tests/test_requests.py -index e58d45e..9a4ff12 100644 ---- a/tests/test_requests.py -+++ b/tests/test_requests.py -@@ -2778,3 +2778,10 @@ class TestPreparingURLs: - with pytest.raises(requests.exceptions.JSONDecodeError) as excinfo: - r.json() - assert excinfo.value.doc == r.text -+ -+ def test_different_connection_pool_for_tls_settings(self): -+ s = requests.Session() -+ r1 = s.get("https://invalid.badssl.com", verify=False) -+ assert r1.status_code == 421 -+ with pytest.raises(requests.exceptions.SSLError): -+ s.get("https://invalid.badssl.com") -diff --git a/tox.ini b/tox.ini -index 546c737..e418aa4 100644 ---- a/tox.ini -+++ b/tox.ini -@@ -7,7 +7,7 @@ extras = - security - 
socks - commands = -- pytest tests -+ pytest {posargs:tests} - - [testenv:default] - --- -2.41.0 - diff --git a/python-requests.spec b/python-requests.spec index da03943..0c7e093 100644 --- a/python-requests.spec +++ b/python-requests.spec @@ -2,14 +2,11 @@ Summary: A simple, yet elegant, HTTP library Name: python-requests -Version: 2.28.2 -Release: 2%{?dist} +Version: 2.32.3 +Release: 1%{?dist} License: ASL 2.0 URL: https://pypi.io/project/requests -Source0: https://github.com/requests/requests/archive/v%{version}/requests-v%{version}.tar.gz - -Patch0001: https://github.com/psf/requests/commit/74ea7cf7a6.patch#/CVE-2023-32681.patch -Patch0002: https://github.com/psf/requests/commit/a58d7f2ffb.patch#/CVE-2024-35195.patch +Source0: https://github.com/requests/requests/archive/v%{version}/requests-%{version}.tar.gz BuildRequires: python%{python3_pkgversion}-devel pyproject-rpm-macros %if %{with tests} @@ -43,9 +40,6 @@ data — but nowadays, just use the `json` method! %prep %autosetup -n requests-%{version} -p1 -sed -i '/#!\/usr\/.*python/d' requests/certs.py -sed -i 's/ --doctest-modules//' pyproject.toml - %build %pyproject_wheel @@ -63,6 +57,10 @@ sed -i 's/ --doctest-modules//' pyproject.toml %doc README.md HISTORY.md %changelog +* Tue Jul 16 2024 Pengda Dou - 2.32.3-1 +- [Type] other +- [DESC] Update to 2.32.3 + * Fri May 24 2024 Ze Zhang - 2.28.2-2 - [Type] bugfix - [DESC] Fixed CVE-2024-35195 diff --git a/sources b/sources index 9f2da1e..a57d2cf 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (requests-v2.28.2.tar.gz) = 88c5a92ea51cd18e7edd49a6259d7b56bc0c17f86067f796b5f668ed35202b8bc1395e4811ee2089350e08893dcd304c9801dbf087abfaff1d14859e31bce8ac +SHA512 (requests-2.32.3.tar.gz) = 20d413597ff4803a62156ada25ef2e8a5edd0d4dbf7d79cc7fcd88d51a76e019a7dacf41d7c3d546306f37c506ede68f16b9afea57c918db64e702382b1ae420 -- Gitee
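Review bot: The new changelog entry in the python-requests.spec hunk records only `[Type] other` / `[DESC] Update to 2.32.3`, yet the same hunk drops Patch0001 (CVE-2023-32681) and Patch0002 (CVE-2024-35195) without stating why they are no longer carried; a packager auditing the CVE status of this package later has to rediscover that. Both upstream fixes predate 2.32.3, so the drop looks correct, but the entry should say so, e.g. `- [DESC] Update to 2.32.3; drop CVE-2023-32681.patch and CVE-2024-35195.patch, both included upstream`. Two smaller points in the same hunk: `%autosetup -n requests-%{version} -p1` keeps `-p1` although no Patch lines remain, and the removal of `sed -i 's/ --doctest-modules//' pyproject.toml` re-enables doctest collection in pytest — the `%check` section is outside the hunk, so confirm the test run still passes with that setting.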