python3-requests: Fix functionality break introduced by CVE-2024-35195

CVE-2024-35195 fix in python3-requests breaks docker-py
This patch addresses the issue
Upstream discussion:
requests: psf/requests#6710
docker: docker/docker-py#3256

Update python3-pip as it uses vulnerable requests

Change-Id: I1ff994a17c12711e118fd29455adfbe455ef4897
Reviewed-on: http://photon-gerrit.lvn.broadcom.net/c/photon/+/25066
Reviewed-by: Shreenidhi Shedi <shreenidhi.shedi@broadcom.com>
Tested-by: Shreenidhi Shedi <shreenidhi.shedi@broadcom.com>
Reviewed-by: Tapas Kundu <tapas.kundu@broadcom.com>

Author: prashant1221

SPECS/asciidoc3/asciidoc3.spec

@@ -3,7 +3,7 @@
 Summary:        AsciiDoc is a human readable text document format
 Name:           asciidoc3
 Version:        3.2.3
-Release:        4%{?dist}
+Release:        5%{?dist}
 URL:            https://gitlab.com/asciidoc3/asciidoc3
 Group:          System Environment/Development
 Vendor:         VMware, Inc.
@@ -60,6 +60,8 @@ rm -rf %{buildroot}/*
 %{_bindir}/*
 
 %changelog
+* Tue Jan 28 2025 Prashant S Chauhan <prashant.singh-chauhan@broadcom.com> 3.2.3-5
+- Bump up release as part of python3-pip upgrade
 * Wed Dec 11 2024 HarinadhD <harinadh.dommaraju@broadcom.com> 3.2.3-4
 - Release bump for SRP compliance
 * Tue Jan 09 2024 Prashant S Chauhan <psinghchauha@vmware.com> 3.2.3-3

SPECS/docker-py/docker-py.spec

@@ -1,6 +1,6 @@
 Name:           docker-py3
 Version:        6.0.0
-Release:        5%{?dist}
+Release:        6%{?dist}
 Summary:        Python API for docker
 Group:          Development/Languages/Python
 Vendor:         VMware, Inc.
@@ -13,6 +13,8 @@ Source0: https://github.com/docker/docker-py/releases/download/%{version}/docker
 Source1: license.txt
 %include %{SOURCE1}
 
+Patch0: fix-for-requests.patch
+
 BuildRequires: python3-devel
 BuildRequires: python3-ipaddress
 BuildRequires: python3-pip
@@ -34,7 +36,7 @@ Requires: python3
 Requires: docker-pycreds3
 Requires: python3-backports.ssl_match_hostname
 Requires: python3-ipaddress
-Requires: python3-requests
+Requires: python3-requests >= 2.28.1-7
 Requires: python3-six
 Requires: python3-websocket-client
 
@@ -65,6 +67,8 @@ rm -rf %{buildroot}/*
 %{python3_sitelib}/*
 
 %changelog
+* Wed Jan 15 2025 Prashant S Chauhan <prashant.singh-chauhan@broadcom.com> 6.0.0-6
+- Fix functionality break introduced by CVE-2024-35195 in python3-requests
 * Wed Dec 11 2024 Guruswamy Basavaiah <guruswamy.basavaiah@broadcom.com> 6.0.0-5
 - Release bump for SRP compliance
 * Fri Nov 22 2024 Prashant S Chauhan <prashant.singh-chauhan@broadcom.com> 6.0.0-4

SPECS/docker-py/fix-for-requests.patch

@@ -0,0 +1,18 @@
+From e33e0a437ecd895158c8cb4322a0cdad79312636 Mon Sep 17 00:00:00 2001
+From: Felix Fontein <felix@fontein.de>
+Date: Mon, 20 May 2024 21:13:41 +0200
+Subject: Hotfix for requests 2.32.2+.
+
+diff --git a/docker/transport/basehttpadapter.py b/docker/transport/basehttpadapter.py
+index dfbb193..2301b6b 100644
+--- a/docker/transport/basehttpadapter.py
++++ b/docker/transport/basehttpadapter.py
+@@ -6,3 +6,8 @@ class BaseHTTPAdapter(requests.adapters.HTTPAdapter):
+         super().close()
+         if hasattr(self, 'pools'):
+             self.pools.clear()
++
++    # Fix for requests 2.32.2+:
++    # https://github.com/psf/requests/commit/c98e4d133ef29c46a9b68cd783087218a8075e05
++    def get_connection_with_tls_context(self, request, verify, proxies=None, cert=None):
++        return self.get_connection(request.url, proxies)

SPECS/python-pyudev/python-pyudev.spec

@@ -1,7 +1,7 @@
 Summary:        Python binding for libudev
 Name:           python3-pyudev
 Version:        0.23.2
-Release:        2%{?dist}
+Release:        3%{?dist}
 Group:          Development/Languages/Python
 URL:            https://pypi.org/project/pyudev
 Source0:        pyudev-%{version}.tar.gz
@@ -19,7 +19,6 @@ BuildRequires:  python3-xml
 BuildRequires:  systemd-devel
 Requires:       systemd
 Requires:       python3
-Requires:       python3-pip
 Requires:       python3-six
 %if 0%{?with_check}
 BuildRequires:  python3-pip
@@ -60,9 +59,11 @@ python3 setup.py test
 %{python3_sitelib}/*
 
 %changelog
-*   Wed Dec 11 2024 Prashant S Chauhan <prashant.singh-chauhan@broadcom.com> 0.23.2-2
--   Release bump for SRP compliance
-*   Sun Aug 21 2022 Gerrit Photon <photon-checkins@vmware.com> 0.23.2-1
--   Automatic Version Bump
-*   Thu Mar 19 2020 Tapas Kundu <tkundu@vmware.com> 0.22.0-1
--   Initial release.
+* Tue Feb 04 2025 Prashant S Chauhan <prashant.singh-chauhan@broadcom.com> 0.23.2-3
+- Remove pip from Requires
+* Wed Dec 11 2024 Prashant S Chauhan <prashant.singh-chauhan@broadcom.com> 0.23.2-2
+- Release bump for SRP compliance
+* Sun Aug 21 2022 Gerrit Photon <photon-checkins@vmware.com> 0.23.2-1
+- Automatic Version Bump
+* Thu Mar 19 2020 Tapas Kundu <tkundu@vmware.com> 0.22.0-1
+- Initial release.

SPECS/python-requests-unixsocket/fix-for-requests.patch

@@ -0,0 +1,25 @@
+From 8b02ed531d8def03b4cf767e8a925be09db43dff Mon Sep 17 00:00:00 2001
+From: Simon Deziel <simon.deziel@canonical.com>
+Date: Wed, 22 May 2024 12:02:20 -0400
+Subject: [PATCH] adapters: fix for requests 2.32.2+
+
+Signed-off-by: Simon Deziel <simon.deziel@canonical.com>
+---
+ requests_unixsocket/adapters.py | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/requests_unixsocket/adapters.py b/requests_unixsocket/adapters.py
+index 83e1400..c3c73cc 100644
+--- a/requests_unixsocket/adapters.py
++++ b/requests_unixsocket/adapters.py
+@@ -63,6 +63,10 @@ def __init__(self, timeout=60, pool_connections=25, *args, **kwargs):
+             pool_connections, dispose_func=lambda p: p.close()
+         )
+ 
++    # Fix for requests 2.32.2+: https://github.com/psf/requests/pull/6710
++    def get_connection_with_tls_context(self, request, verify, proxies=None, cert=None):
++        return self.get_connection(request.url, proxies)
++
+     def get_connection(self, url, proxies=None):
+         proxies = proxies or {}
+         proxy = proxies.get(urlparse(url.lower()).scheme)

SPECS/python-requests-unixsocket/python-requests-unixsocket.spec

@@ -2,7 +2,7 @@
 
 Name:           python3-requests-unixsocket
 Version:        0.3.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        Use requests to talk HTTP via a UNIX domain socket
 Url:            https://pypi.org/project/requests-unixsocket
 Group:          Development/Languages/Python
@@ -15,6 +15,8 @@ Source0: https://files.pythonhosted.org/packages/c3/ea/0fb87f844d8a35ff0dcc8b941
 Source1: license.txt
 %include %{SOURCE1}
 
+Patch0: fix-for-requests.patch
+
 BuildRequires: python3-devel
 BuildRequires: python3-pbr
 BuildRequires: python3-setuptools
@@ -26,6 +28,7 @@ BuildRequires: python3-pytest
 %endif
 
 Requires: python3
+Requires: python3-requests >= 2.28.1-7
 
 BuildArch: noarch
 
@@ -56,6 +59,8 @@ rm -rf %{buildroot}/*
 %{python3_sitelib}/*
 
 %changelog
+* Tue Jan 28 2025 Prashant S Chauhan <prashant.singh-chauhan@broadcom.com> 0.3.0-4
+- Fix functionality break introduced by CVE-2024-35195 in python3-requests
 * Wed Dec 11 2024 Prashant S Chauhan <prashant.singh-chauhan@broadcom.com> 0.3.0-3
 - Release bump for SRP compliance
 * Mon Jun 03 2024 Prashant S Chauhan <prashant.singh-chauhan@broadcom.com> 0.3.0-2