diff options
author | Chih-Hsuan Yen | 2024-02-10 17:00:24 +0800 |
---|---|---|
committer | Chih-Hsuan Yen | 2024-02-10 17:21:41 +0800 |
commit | 407d0f60563344a7bcaf91fa1a7037e01b7ec0aa (patch) | |
tree | 4c63856849299f006372ec6ef82ddf9f9a721090 | |
parent | e8817bd71d4b18321d5776d5d1c358f844d1c825 (diff) | |
download | aur-407d0f60563344a7bcaf91fa1a7037e01b7ec0aa.tar.gz |
Backport fixes for urllib3 2.x to vendored botocore
-rw-r--r-- | PKGBUILD | 21 | ||||
-rw-r--r-- | botocore-2922.patch | 36 | ||||
-rw-r--r-- | botocore-2924.patch | 27 | ||||
-rw-r--r-- | botocore-2990-rebased.patch | 77 |
4 files changed, 159 insertions, 2 deletions
@@ -24,14 +24,20 @@ source=("https://awscli.amazonaws.com/awscli-$pkgver.tar.gz"{,.sig} fix-env.diff "$pkgname-tz-fix.patch" "${pkgname}-ruamel-yaml-v4.patch" - allow-egg-info.diff) + allow-egg-info.diff + botocore-2922.patch + botocore-2924.patch + botocore-2990-rebased.patch) sha256sums=('f8172666cd5437d0314bfc3965a25701c21536b5ceef82080a2fb14a420a9b0c' 'SKIP' '0267e41561ab2c46a97ebfb024f0b047aabc9e6b9866f204b2c1a84ee5810d63' '893d61d7e958c3c02bfa1e03bf58f6f6abd98849d248cc661f1c56423df9f312' '4fc614b8550d7363bb2d578c6b49326c9255203eb2f933fd0551f96ed5fb1f30' '20a9fcd5235bf606e86a6ec06ca30307ebbcfd36063d2ac561c1f9eff7243046' - '6768df8667fe7fd827e6eef1c4cdb3eae25aba5806bbc725270200a585f62152') + '6768df8667fe7fd827e6eef1c4cdb3eae25aba5806bbc725270200a585f62152' + '62be6cad0f9039ae682abffd167181abbd4a690e2680867418c5542893d74b36' + 'aad8b863d9f9107c56401e71d76b71f526efd9f8efac31e2a007b9071f85b5b6' + 'a43c3e9aba8974fc09f1780a37b6a94108b15dbbbcecdf6d9e7e224ca135816b') validpgpkeys=( 'FB5DB77FD5C118B80511ADA8A6310ACC4672475C' # the key mentioned on https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html ) @@ -58,6 +64,17 @@ prepare() { # tests/dependencies checks dependencies, and many Arch Linux packages are not using PEP 517 yet patch -Np1 -i ../allow-egg-info.diff + # Backport fixes for urllib3 2.x to vendored botocore + pushd awscli + # [Defer to system defaults for cipher suites with urllib3 2.0+](https://github.com/boto/botocore/pull/2922) + patch --no-backup-if-mismatch -Np1 -i ../../botocore-2922.patch + # [Do not set_ciphers(DEFAULT_CIPHERS) if DEFAULT_CIPHERS is None](https://github.com/boto/botocore/pull/2924) + patch --no-backup-if-mismatch -Np1 -i ../../botocore-2924.patch + # [Move 100-continue behavior to use high-level request interface](https://github.com/boto/botocore/pull/2990) + # Manually rebased due to conflicts from refactoring + patch --no-backup-if-mismatch -Np1 -i ../../botocore-2990-rebased.patch + popd + # use unittest.mock # https://src.fedoraproject.org/rpms/awscli2/blob/rawhide/f/awscli2.spec find -type f -name '*.py' -exec sed \ diff --git a/botocore-2922.patch b/botocore-2922.patch new file mode 100644 index 000000000000..496ddeef32c5 --- /dev/null +++ b/botocore-2922.patch @@ -0,0 +1,36 @@ +From 59489584f929b2893a5909c9009d3bdd556552a9 Mon Sep 17 00:00:00 2001 +From: Nate Prewitt <nate.prewitt@gmail.com> +Date: Mon, 20 Feb 2023 11:17:51 -0700 +Subject: [PATCH] Defer to system defaults for cipher suites with urllib3 2.0+ + +--- + botocore/httpsession.py | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/botocore/httpsession.py b/botocore/httpsession.py +index 97a03644d6..48e2e5d269 100644 +--- a/botocore/httpsession.py ++++ b/botocore/httpsession.py +@@ -20,7 +20,6 @@ + from urllib3.exceptions import SSLError as URLLib3SSLError + from urllib3.util.retry import Retry + from urllib3.util.ssl_ import ( +- DEFAULT_CIPHERS, + OP_NO_COMPRESSION, + PROTOCOL_TLS, + OP_NO_SSLv2, +@@ -49,6 +48,14 @@ + except ImportError: + from urllib3.util.ssl_ import SSLContext + ++try: ++ from urllib3.util.ssl_ import DEFAULT_CIPHERS ++except ImportError: ++ # Defer to system configuration starting with ++ # urllib3 2.0. This will choose the ciphers provided by ++ # Openssl 1.1.1+ or secure system defaults. ++ DEFAULT_CIPHERS = None ++ + import botocore.awsrequest + from botocore.compat import ( + IPV6_ADDRZ_RE, diff --git a/botocore-2924.patch b/botocore-2924.patch new file mode 100644 index 000000000000..2a18b9f1a3e3 --- /dev/null +++ b/botocore-2924.patch @@ -0,0 +1,27 @@ +From 5ec04be95d1531bf551056f80d3f7d84d48e5138 Mon Sep 17 00:00:00 2001 +From: Thomas Grainger <tagrain@gmail.com> +Date: Fri, 28 Apr 2023 12:06:22 +0100 +Subject: [PATCH] Do not set_ciphers(DEFAULT_CIPHERS) if DEFAULT_CIPHERS is + None + +Fixes #2921 +--- + botocore/httpsession.py | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/botocore/httpsession.py b/botocore/httpsession.py +index 48e2e5d269..b3fe6e6c0c 100644 +--- a/botocore/httpsession.py ++++ b/botocore/httpsession.py +@@ -113,7 +113,10 @@ def create_urllib3_context( + + context = SSLContext(ssl_version) + +- context.set_ciphers(ciphers or DEFAULT_CIPHERS) ++ if ciphers: ++ context.set_ciphers(ciphers) ++ elif DEFAULT_CIPHERS: ++ context.set_ciphers(DEFAULT_CIPHERS) + + # Setting the default here, as we may have no ssl module on import + cert_reqs = ssl.CERT_REQUIRED if cert_reqs is None else cert_reqs diff --git a/botocore-2990-rebased.patch b/botocore-2990-rebased.patch new file mode 100644 index 000000000000..69c6b1e2b8b5 --- /dev/null +++ b/botocore-2990-rebased.patch @@ -0,0 +1,77 @@ +From 86564e713ba922feafe3feb7883d5305cb6a0ec2 Mon Sep 17 00:00:00 2001 +From: Nate Prewitt <nate.prewitt@gmail.com> +Date: Wed, 26 Jul 2023 17:36:30 -0600 +Subject: [PATCH 1/3] Move 100-continue behavior to use request API + +--- + botocore/awsrequest.py | 37 +++++++++++++++++++++---------------- + 1 file changed, 21 insertions(+), 16 deletions(-) + +diff --git a/botocore/awsrequest.py b/botocore/awsrequest.py +index f00a0dde57..9123e65c9d 100644 +--- a/botocore/awsrequest.py ++++ b/botocore/awsrequest.py +@@ -66,33 +66,34 @@ class AWSConnection: + def __init__(self, *args, **kwargs): + super(AWSConnection, self).__init__(*args, **kwargs) + self._original_response_cls = self.response_class +- # We'd ideally hook into httplib's states, but they're all +- # __mangled_vars so we use our own state var. This variable is set +- # when we receive an early response from the server. If this value is +- # set to True, any calls to send() are noops. This value is reset to +- # false every time _send_request is called. This is to workaround the +- # fact that py2.6 (and only py2.6) has a separate send() call for the +- # body in _send_request, as opposed to endheaders(), which is where the +- # body is sent in all versions > 2.6. ++ # This variable is set when we receive an early response from the ++ # server. If this value is set to True, any calls to send() are noops. ++ # This value is reset to false every time _send_request is called. ++ # This is to workaround changes in urllib3 2.0 which uses separate ++ # send() calls in request() instead of delegating to endheaders(), ++ # which is where the body is sent in CPython's HTTPConnection. + self._response_received = False + self._expect_header_set = False ++ self._send_called = False + + def close(self): + super(AWSConnection, self).close() + # Reset all of our instance state we were tracking. + self._response_received = False + self._expect_header_set = False ++ self._send_called = False + self.response_class = self._original_response_cls + +- def _send_request(self, method, url, body, headers, *args, **kwargs): ++ def request(self, method, url, body=None, headers=None, *args, **kwargs): ++ if headers is None: ++ headers = {} + self._response_received = False + if headers.get('Expect', b'') == b'100-continue': + self._expect_header_set = True + else: + self._expect_header_set = False + self.response_class = self._original_response_cls +- rval = super(AWSConnection, self)._send_request( +- method, url, body, headers, *args, **kwargs) ++ rval = super().request(method, url, body, headers, *args, **kwargs) + self._expect_header_set = False + return rval + +@@ -210,8 +210,15 @@ def _send_message_body(self, message_body): + + def send(self, str): + if self._response_received: +- logger.debug("send() called, but reseponse already received. " +- "Not sending data.") ++ if not self._send_called: ++ # urllib3 2.0 chunks and calls send potentially ++ # thousands of times inside `request` unlike the ++ # standard library. Only log this once for sanity. ++ logger.debug( ++ "send() called, but response already received. " ++ "Not sending data." ++ ) ++ self._send_called = True + return + return super(AWSConnection, self).send(str) + |