diff --git a/0001-Restrict-URL-preparation-to-HTTP-HTTPS.patch b/0001-Restrict-URL-preparation-to-HTTP-HTTPS.patch new file mode 100644 index 0000000..20fdd4f --- /dev/null +++ b/0001-Restrict-URL-preparation-to-HTTP-HTTPS.patch @@ -0,0 +1,35 @@ +From 35d7b9264b5ae2c9b327d63464ec299b3d4bda2c Mon Sep 17 00:00:00 2001 +From: Christian Heimes +Date: Mon, 21 Nov 2016 18:00:24 +0100 +Subject: [PATCH] Restrict URL preparation to HTTP/HTTPS + +Requests treats all URLs starting with the string 'http' as HTTP URLs. +Preparation with IDNA breaks non-standard URIs like http+unix. Requests +now prepares only URLs with prefix http:// and https://. + +Signed-off-by: Christian Heimes +Signed-off-by: Jeremy Cline +--- + requests/models.py | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/requests/models.py b/requests/models.py +index a4bd41b..ca9e6fe 100644 +--- a/requests/models.py ++++ b/requests/models.py +@@ -344,9 +344,9 @@ class PreparedRequest(RequestEncodingMixin, RequestHooksMixin): + url = unicode(url) if is_py2 else str(url) + + # Don't do any URL preparation for non-HTTP schemes like `mailto`, +- # `data` etc to work around exceptions from `url_parse`, which +- # handles RFC 3986 only. +- if ':' in url and not url.lower().startswith('http'): ++ # `data`, `http+unix` etc to work around exceptions from `url_parse`, ++ # which handles RFC 3986 only. ++ if ':' in url and not url.lower().startswith(('http://', 'https://')): + self.url = url + return + +-- +2.9.3 + diff --git a/python-requests.spec b/python-requests.spec index 8fcde48..8de6fa3 100644 --- a/python-requests.spec +++ b/python-requests.spec @@ -11,7 +11,7 @@ Name: python-requests Version: 2.12.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: HTTP library, written in Python, for human beings License: ASL 2.0 @@ -32,6 +32,10 @@ Patch1: python-requests-remove-nested-bundling-dep.patch # - https://github.com/kennethreitz/requests/issues/2816 Patch2: python-requests-urllib3-at-%{urllib3_unbundled_version}.patch +# Backport of https://github.com/kennethreitz/requests/pull/3713 +# This patch should be removed after the 2.12.2 or 2.13 release. +Patch3: 0001-Restrict-URL-preparation-to-HTTP-HTTPS.patch + BuildArch: noarch %description @@ -90,6 +94,7 @@ designed to make HTTP requests easy for developers. %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 # Unbundle the certificate bundle from mozilla. rm -rf requests/cacert.pem @@ -175,6 +180,9 @@ popd %endif %changelog +* Wed Nov 23 2016 Jeremy Cline - 2.12.1-2 +- Backport #3713. Fixes #1397149 + * Thu Nov 17 2016 Jeremy Cline - 2.12.1-1 - Update to 2.12.1. Fixes #1395469 - Unbundle idna, a new upstream dependency