import python-requests-2.25.1-8.el9

.gitignore

@@ -0,0 +1 @@
+SOURCES/requests-v2.25.1.tar.gz

.python-requests.metadata

@@ -0,0 +1 @@
+804fdbaf3dbc57f49a66cef920e9d4a5ce3460eb SOURCES/requests-v2.25.1.tar.gz

SOURCES/CVE-2023-32681.patch

@@ -0,0 +1,59 @@
+From 88313c734876b90c266d183d07d26338a14bc54c Mon Sep 17 00:00:00 2001
+From: Nate Prewitt <nate.prewitt@gmail.com>
+Date: Mon, 22 May 2023 08:08:57 -0700
+Subject: [PATCH] Merge pull request from GHSA-j8r2-6x86-q33q
+
+---
+ requests/sessions.py   |  4 +++-
+ tests/test_requests.py | 20 ++++++++++++++++++++
+ 2 files changed, 23 insertions(+), 1 deletion(-)
+
+diff --git a/requests/sessions.py b/requests/sessions.py
+index 45ab8a5..db9c594 100644
+--- a/requests/sessions.py
++++ b/requests/sessions.py
+@@ -306,7 +306,9 @@ class SessionRedirectMixin(object):
+         except KeyError:
+             username, password = None, None
+ 
+-        if username and password:
++        # urllib3 handles proxy authorization for us in the standard adapter.
++        # Avoid appending this to TLS tunneled requests where it may be leaked.
++        if not scheme.startswith('https') and username and password:
+             headers['Proxy-Authorization'] = _basic_auth_str(username, password)
+ 
+         return new_proxies
+diff --git a/tests/test_requests.py b/tests/test_requests.py
+index 5e721cb..c70706f 100644
+--- a/tests/test_requests.py
++++ b/tests/test_requests.py
+@@ -551,6 +551,26 @@ class TestRequests:
+         with pytest.raises(InvalidProxyURL):
+             requests.get(httpbin(), proxies={'http': 'http:///example.com:8080'})
+ 
++
++    @pytest.mark.parametrize(
++        "url,has_proxy_auth",
++        (
++            ('http://example.com', True),
++            ('https://example.com', False),
++        ),
++    )
++    def test_proxy_authorization_not_appended_to_https_request(self, url, has_proxy_auth):
++        session = requests.Session()
++        proxies = {
++            'http': 'http://test:pass@localhost:8080',
++            'https': 'http://test:pass@localhost:8090',
++        }
++        req = requests.Request('GET', url)
++        prep = req.prepare()
++        session.rebuild_proxies(prep, proxies)
++
++        assert ('Proxy-Authorization' in prep.headers) is has_proxy_auth
++
+     def test_basicauth_with_netrc(self, httpbin):
+         auth = ('user', 'pass')
+         wrong_auth = ('wronguser', 'wrongpass')
+-- 
+2.40.1
+

SOURCES/Empty-security-extras.patch

@@ -0,0 +1,13 @@
+diff --git a/setup.py b/setup.py
+index 065eb22..043ae42 100755
+--- a/setup.py
++++ b/setup.py
+@@ -100,7 +100,7 @@ setup(
+     cmdclass={'test': PyTest},
+     tests_require=test_requirements,
+     extras_require={
+-        'security': ['pyOpenSSL >= 0.14', 'cryptography>=1.3.4'],
++        'security': [],
+         'socks': ['PySocks>=1.5.6, !=1.5.7'],
+         'socks:sys_platform == "win32" and python_version == "2.7"': ['win_inet_pton'],
+     },

SOURCES/Remove-tests-that-use-the-tarpit.patch

@@ -0,0 +1,55 @@
+From bb1c91432c5e9a1f402692db5c80c65136656afb Mon Sep 17 00:00:00 2001
+From: Jeremy Cline <jeremy@jcline.org>
+Date: Tue, 13 Jun 2017 09:08:09 -0400
+Subject: [PATCH] Remove tests that use the tarpit
+
+The latest version of Mock has started using systemd containers. The
+systemd-nspawn command is being run with --private-network, which
+immediately kills connections to something other than localhost. These
+tests depend on the connection not being killed immediately and that
+they are never responded to.
+
+Signed-off-by: Jeremy Cline <jeremy@jcline.org>
+---
+ tests/test_requests.py | 25 -------------------------
+ 1 file changed, 25 deletions(-)
+
+diff --git a/tests/test_requests.py b/tests/test_requests.py
+index 7d4a4eb5..8d1c55fc 100644
+--- a/tests/test_requests.py
++++ b/tests/test_requests.py
+@@ -2186,31 +2186,6 @@ class TestTimeout:
+         except ReadTimeout:
+             pass
+ 
+-    @pytest.mark.parametrize(
+-        'timeout', (
+-            (0.1, None),
+-            Urllib3Timeout(connect=0.1, read=None)
+-        ))
+-    def test_connect_timeout(self, timeout):
+-        try:
+-            requests.get(TARPIT, timeout=timeout)
+-            pytest.fail('The connect() request should time out.')
+-        except ConnectTimeout as e:
+-            assert isinstance(e, ConnectionError)
+-            assert isinstance(e, Timeout)
+-
+-    @pytest.mark.parametrize(
+-        'timeout', (
+-            (0.1, 0.1),
+-            Urllib3Timeout(connect=0.1, read=0.1)
+-        ))
+-    def test_total_timeout_connect(self, timeout):
+-        try:
+-            requests.get(TARPIT, timeout=timeout)
+-            pytest.fail('The connect() request should time out.')
+-        except ConnectTimeout:
+-            pass
+-
+     def test_encoded_methods(self, httpbin):
+         """See: https://github.com/psf/requests/issues/2316"""
+         r = requests.request(b'GET', httpbin('get'))
+-- 
+2.24.1
+

SOURCES/patch-requests-certs.py-to-use-the-system-CA-bundle.patch

@@ -0,0 +1,29 @@
+diff --color -Nur requests-2.25.1.orig/requests/certs.py requests-2.25.1/requests/certs.py
+--- requests-2.25.1.orig/requests/certs.py	2021-01-10 16:27:05.027059634 -0800
++++ requests-2.25.1/requests/certs.py	2021-01-10 16:29:06.973238179 -0800
+@@ -10,8 +10,13 @@
+ If you are packaging Requests, e.g., for a Linux distribution or a managed
+ environment, you can change the definition of where() to return a separately
+ packaged CA bundle.
++
++This Fedora-patched package returns "/etc/pki/tls/certs/ca-bundle.crt" provided
++by the ca-certificates RPM package.
+ """
+-from certifi import where
++def where():
++    """Return the absolute path to the system CA bundle."""
++    return '/etc/pki/tls/certs/ca-bundle.crt'
+ 
+ if __name__ == '__main__':
+     print(where())
+diff --color -Nur requests-2.25.1.orig/setup.py requests-2.25.1/setup.py
+--- requests-2.25.1.orig/setup.py	2020-12-16 11:34:26.000000000 -0800
++++ requests-2.25.1/setup.py	2021-01-10 16:29:21.570259552 -0800
+@@ -45,7 +45,6 @@
+     'chardet>=3.0.2,<5',
+     'idna>=2.5,<3',
+     'urllib3>=1.21.1,<1.27',
+-    'certifi>=2017.4.17'
+ 
+ ]
+ test_requirements = [

SOURCES/requests-2.12.4-tests_nonet.patch

@@ -0,0 +1,11 @@
+--- requests-2.12.4/tests/testserver/server.py	2016-12-21 11:31:56.000000000 -0800
++++ requests-2.12.4/tests/testserver/server.py.new	2016-12-30 10:40:06.085995065 -0800
+@@ -27,7 +27,7 @@
+     """Dummy server using for unit testing"""
+     WAIT_EVENT_TIMEOUT = 5
+ 
+-    def __init__(self, handler=None, host='localhost', port=0, requests_to_handle=1, wait_to_close_event=None):
++    def __init__(self, handler=None, host='127.0.0.1', port=0, requests_to_handle=1, wait_to_close_event=None):
+         super(Server, self).__init__()
+ 
+         self.handler = handler or consume_socket_content

SOURCES/support_IPv6_CIDR_in_no_proxy.patch

@@ -0,0 +1,268 @@
+From 94c0991a62246018bc9909907c2889519158079d Mon Sep 17 00:00:00 2001
+From: Derek Higgins <derekh@redhat.com>
+Date: Thu, 4 Jan 2024 11:30:57 +0100
+Subject: [PATCH] Add ipv6 support to should_bypass_proxies
+
+Add support to should_bypass_proxies to support
+IPv6 ipaddresses and CIDRs in no_proxy. Includes
+adding IPv6 support to various other helper functions.
+---
+ requests/utils.py   | 83 ++++++++++++++++++++++++++++++++++++++-------
+ tests/test_utils.py | 67 ++++++++++++++++++++++++++++++++----
+ 2 files changed, 131 insertions(+), 19 deletions(-)
+
+diff --git a/requests/utils.py b/requests/utils.py
+index db67938..f3f780c 100644
+--- a/requests/utils.py
++++ b/requests/utils.py
+@@ -623,18 +623,46 @@ def requote_uri(uri):
+         return quote(uri, safe=safe_without_percent)
+ 
+ 
++def _get_mask_bits(mask, totalbits=32):
++    """Converts a mask from /xx format to a int
++    to be used as a mask for IP's in int format
++
++    Example: if mask is 24 function returns 0xFFFFFF00
++             if mask is 24 and totalbits=128 function
++                returns 0xFFFFFF00000000000000000000000000
++
++    :rtype: int
++    """
++    bits = ((1 << mask) - 1) << (totalbits - mask)
++    return bits
++
++
+ def address_in_network(ip, net):
+     """This function allows you to check if an IP belongs to a network subnet
+ 
+     Example: returns True if ip = 192.168.1.1 and net = 192.168.1.0/24
+              returns False if ip = 192.168.1.1 and net = 192.168.100.0/24
++             returns True if ip = 1:2:3:4::1 and net = 1:2:3:4::/64
+ 
+     :rtype: bool
+     """
+-    ipaddr = struct.unpack('=L', socket.inet_aton(ip))[0]
+     netaddr, bits = net.split('/')
+-    netmask = struct.unpack('=L', socket.inet_aton(dotted_netmask(int(bits))))[0]
+-    network = struct.unpack('=L', socket.inet_aton(netaddr))[0] & netmask
++    if is_ipv4_address(ip) and is_ipv4_address(netaddr):
++        ipaddr = struct.unpack(">L", socket.inet_aton(ip))[0]
++        netmask = _get_mask_bits(int(bits))
++        network = struct.unpack(">L", socket.inet_aton(netaddr))[0]
++    elif is_ipv6_address(ip) and is_ipv6_address(netaddr):
++        ipaddr_msb, ipaddr_lsb = struct.unpack(
++            ">QQ", socket.inet_pton(socket.AF_INET6, ip)
++        )
++        ipaddr = (ipaddr_msb << 64) ^ ipaddr_lsb
++        netmask = _get_mask_bits(int(bits), 128)
++        network_msb, network_lsb = struct.unpack(
++            ">QQ", socket.inet_pton(socket.AF_INET6, netaddr)
++        )
++        network = (network_msb << 64) ^ network_lsb
++    else:
++        return False
+     return (ipaddr & netmask) == (network & netmask)
+ 
+ 
+@@ -654,12 +682,39 @@ def is_ipv4_address(string_ip):
+     :rtype: bool
+     """
+     try:
+-        socket.inet_aton(string_ip)
++        socket.inet_pton(socket.AF_INET, string_ip)
++    except socket.error:
++        return False
++    return True
++
++
++def is_ipv6_address(string_ip):
++    """
++    :rtype: bool
++    """
++    try:
++        socket.inet_pton(socket.AF_INET6, string_ip)
+     except socket.error:
+         return False
+     return True
+ 
+ 
++def compare_ips(a, b):
++    """
++    Compare 2 IP's, uses socket.inet_pton to normalize IPv6 IPs
++
++    :rtype: bool
++    """
++    if a == b:
++        return True
++    try:
++        return socket.inet_pton(socket.AF_INET6, a) == socket.inet_pton(
++            socket.AF_INET6, b
++        )
++    except OSError:
++        return False
++
++
+ def is_valid_cidr(string_network):
+     """
+     Very simple check of the cidr format in no_proxy variable.
+@@ -667,17 +722,19 @@ def is_valid_cidr(string_network):
+     :rtype: bool
+     """
+     if string_network.count('/') == 1:
++        address, mask = string_network.split("/")
+         try:
+-            mask = int(string_network.split('/')[1])
++            mask = int(mask)
+         except ValueError:
+             return False
+ 
+-        if mask < 1 or mask > 32:
+-            return False
+-
+-        try:
+-            socket.inet_aton(string_network.split('/')[0])
+-        except socket.error:
++        if is_ipv4_address(address):
++            if mask < 1 or mask > 32:
++                return False
++        elif is_ipv6_address(address):
++            if mask < 1 or mask > 128:
++                return False
++        else:
+             return False
+     else:
+         return False
+@@ -734,12 +791,12 @@ def should_bypass_proxies(url, no_proxy):
+             host for host in no_proxy.replace(' ', '').split(',') if host
+         )
+ 
+-        if is_ipv4_address(parsed.hostname):
++        if is_ipv4_address(parsed.hostname) or is_ipv6_address(parsed.hostname):
+             for proxy_ip in no_proxy:
+                 if is_valid_cidr(proxy_ip):
+                     if address_in_network(parsed.hostname, proxy_ip):
+                         return True
+-                elif parsed.hostname == proxy_ip:
++                elif compare_ips(parsed.hostname, proxy_ip):
+                     # If no_proxy ip was defined in plain IP notation instead of cidr notation &
+                     # matches the IP of the index
+                     return True
+diff --git a/tests/test_utils.py b/tests/test_utils.py
+index 463516b..4ce139a 100644
+--- a/tests/test_utils.py
++++ b/tests/test_utils.py
+@@ -21,7 +21,7 @@ from requests.utils import (
+     requote_uri, select_proxy, should_bypass_proxies, super_len,
+     to_key_val_list, to_native_string,
+     unquote_header_value, unquote_unreserved,
+-    urldefragauth, add_dict_to_cookiejar, set_environ)
++    urldefragauth, add_dict_to_cookiejar, set_environ, _get_mask_bits, compare_ips)
+ from requests._internal_utils import unicode_is_ascii
+ 
+ from .compat import StringIO, cStringIO
+@@ -215,9 +215,15 @@ class TestIsIPv4Address:
+ 
+ 
+ class TestIsValidCIDR:
+-
+-    def test_valid(self):
+-        assert is_valid_cidr('192.168.1.0/24')
++    @pytest.mark.parametrize(
++        "value",
++        (
++            "192.168.1.0/24",
++            "1:2:3:4::/64",
++        ),
++    )
++    def test_valid(self, value):
++        assert is_valid_cidr(value)
+ 
+     @pytest.mark.parametrize(
+         'value', (
+@@ -226,6 +232,11 @@ class TestIsValidCIDR:
+             '192.168.1.0/128',
+             '192.168.1.0/-1',
+             '192.168.1.999/24',
++            "1:2:3:4::1",
++            "1:2:3:4::/a",
++            "1:2:3:4::0/321",
++            "1:2:3:4::/-1",
++            "1:2:3:4::12211/64",
+         ))
+     def test_invalid(self, value):
+         assert not is_valid_cidr(value)
+@@ -239,6 +250,12 @@ class TestAddressInNetwork:
+     def test_invalid(self):
+         assert not address_in_network('172.16.0.1', '192.168.1.0/24')
+ 
++    def test_valid_v6(self):
++        assert address_in_network("1:2:3:4::1111", "1:2:3:4::/64")
++
++    def test_invalid_v6(self):
++        assert not address_in_network("1:2:3:4:1111", "1:2:3:4::/124")
++
+ 
+ class TestGuessFilename:
+ 
+@@ -624,13 +641,18 @@ def test_urldefragauth(url, expected):
+             ('http://172.16.1.12:5000/', False),
+             ('http://google.com:5000/v1.0/', False),
+             ('file:///some/path/on/disk', True),
++            ("http://[1:2:3:4:5:6:7:8]:5000/", True),
++            ("http://[1:2:3:4::1]/", True),
++            ("http://[1:2:3:9::1]/", True),
++            ("http://[1:2:3:9:0:0:0:1]/", True),
++            ("http://[1:2:3:9::2]/", False),
+     ))
+ def test_should_bypass_proxies(url, expected, monkeypatch):
+     """Tests for function should_bypass_proxies to check if proxy
+     can be bypassed or not
+     """
+-    monkeypatch.setenv('no_proxy', '192.168.0.0/24,127.0.0.1,localhost.localdomain,172.16.1.1, google.com:6000')
+-    monkeypatch.setenv('NO_PROXY', '192.168.0.0/24,127.0.0.1,localhost.localdomain,172.16.1.1, google.com:6000')
++    monkeypatch.setenv('no_proxy', '192.168.0.0/24,127.0.0.1,localhost.localdomain,1:2:3:4::/64,1:2:3:9::1,172.16.1.1, google.com:6000')
++    monkeypatch.setenv('NO_PROXY', '192.168.0.0/24,127.0.0.1,localhost.localdomain,1:2:3:4::/64,1:2:3:9::1,172.16.1.1, google.com:6000')
+     assert should_bypass_proxies(url, no_proxy=None) == expected
+ 
+ 
+@@ -781,3 +803,36 @@ def test_set_environ_raises_exception():
+             raise Exception('Expected exception')
+ 
+     assert 'Expected exception' in str(exception.value)
++
++
++@pytest.mark.parametrize(
++    "mask, totalbits, maskbits",
++    (
++        (24, None, 0xFFFFFF00),
++        (31, None, 0xFFFFFFFE),
++        (0, None, 0x0),
++        (4, 4, 0xF),
++        (24, 128, 0xFFFFFF00000000000000000000000000),
++    ),
++)
++def test__get_mask_bits(mask, totalbits, maskbits):
++    args = {"mask": mask}
++    if totalbits:
++        args["totalbits"] = totalbits
++    assert _get_mask_bits(**args) == maskbits
++
++
++@pytest.mark.parametrize(
++    "a, b, expected",
++    (
++        ("1.2.3.4", "1.2.3.4", True),
++        ("1.2.3.4", "2.2.3.4", False),
++        ("1::4", "1.2.3.4", False),
++        ("1::4", "1::4", True),
++        ("1::4", "1:0:0:0:0:0:0:4", True),
++        ("1::4", "1:0:0:0:0:0::4", True),
++        ("1::4", "1:0:0:0:0:0:1:4", False),
++    ),
++)
++def test_compare_ips(a, b, expected):
++    assert compare_ips(a, b) == expected
+-- 
+2.43.0
+

SPECS/python-requests.spec

@@ -0,0 +1,520 @@
+# Disable tests on RHEL9 as to not pull in the test dependencies
+# Specify --with tests to run the tests e.g. on EPEL
+%bcond_with tests
+
+
+Name:           python-requests
+Version:        2.25.1
+Release:        8%{?dist}
+Summary:        HTTP library, written in Python, for human beings
+
+License:        ASL 2.0
+URL:            https://pypi.io/project/requests
+Source0:        https://github.com/requests/requests/archive/v%{version}/requests-v%{version}.tar.gz
+# Explicitly use the system certificates in ca-certificates.
+# https://bugzilla.redhat.com/show_bug.cgi?id=904614
+Patch0:         patch-requests-certs.py-to-use-the-system-CA-bundle.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=1450608
+Patch2:         Remove-tests-that-use-the-tarpit.patch
+
+# Use 127.0.0.1 not localhost for socket.bind() in the Server test
+# class, to fix tests in Koji's no-network environment
+# This probably isn't really upstreamable, because I guess localhost
+# could technically be IPv6 or something, and our no-network env is
+# a pretty odd one so this is a niche requirement.
+Patch3:         requests-2.12.4-tests_nonet.patch
+
+# The [security] extra as present in upstream 2.25.1 is not possible,
+# because the PyOpenSSL package is not part of RHEL 9.
+# We backport a pre-2.26.0 commit that makes request[security] a no-op:
+#   https://github.com/psf/requests/pull/5867
+# """
+# We initially removed default support for PyOpenSSL in Requests 2.24.0
+# as it is now considered less secure. Deprecation of the extras_require was
+# announced in Requests 2.25.0 and we're officially removing the extras_require
+# functionality in Requests 2.26.0.
+# Projects currently using requests[security] after this change will continue
+# to operate as if performing a standard requests installation (secure by default).
+# """
+Patch4:         Empty-security-extras.patch
+
+# Security fix for CVE-2023-32681
+# Unintended leak of Proxy-Authorization header
+# Resolved upstream: https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5
+# Tracking bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2209469
+Patch5:         CVE-2023-32681.patch
+
+# Add support for IPv6 CIDR in no_proxy setting
+# This functionality is needed in Openshift and it has been
+# proposed for upstream in 2021 but the PR unfortunately stalled.
+# Issue: https://issues.redhat.com/browse/RHEL-17548
+# Upstream PR: https://github.com/psf/requests/pull/5953
+Patch6:         support_IPv6_CIDR_in_no_proxy.patch
+
+BuildArch:      noarch
+
+%description
+Most existing Python modules for sending HTTP requests are extremely verbose and
+cumbersome. Python’s built-in urllib2 module provides most of the HTTP
+capabilities you should need, but the API is thoroughly broken. This library is
+designed to make HTTP requests easy for developers.
+
+%package -n python%{python3_pkgversion}-requests
+Summary: HTTP library, written in Python, for human beings
+
+%{?python_provide:%python_provide python%{python3_pkgversion}-requests}
+
+BuildRequires:  python%{python3_pkgversion}-devel
+BuildRequires:  pyproject-rpm-macros
+
+%if %{with tests}
+BuildRequires:  python3dist(pytest)
+BuildRequires:  python3dist(pytest-httpbin)
+BuildRequires:  python3dist(pytest-mock)
+%endif
+
+
+%description -n python%{python3_pkgversion}-requests
+Most existing Python modules for sending HTTP requests are extremely verbose and
+cumbersome. Python’s built-in urllib2 module provides most of the HTTP
+capabilities you should need, but the API is thoroughly broken. This library is
+designed to make HTTP requests easy for developers.
+
+%pyproject_extras_subpkg -n python%{python3_pkgversion}-requests security socks
+
+%generate_buildrequires
+%if %{with tests}
+%pyproject_buildrequires -r
+%else
+%pyproject_buildrequires
+%endif
+
+
+%prep
+%autosetup -p1 -n requests-%{version}
+
+# Unbundle the certificate bundle from mozilla.
+rm -rf requests/cacert.pem
+
+# env shebang in nonexecutable file
+sed -i '/#!\/usr\/.*python/d' requests/certs.py
+
+# Some doctests use the internet and fail to pass in Koji. Since doctests don't have names, I don't
+# know a way to skip them. We also don't want to patch them out, because patching them out will
+# change the docs. Thus, we set pytest not to run doctests at all.
+sed -i 's/ --doctest-modules//' pytest.ini
+
+%build
+%pyproject_wheel
+
+
+%install
+%pyproject_install
+%pyproject_save_files requests
+
+
+%if %{with tests}
+%check
+# test_https_warnings: https://github.com/psf/requests/issues/5530
+%pytest -v -k "not test_https_warnings"
+%endif
+
+
+%files -n python%{python3_pkgversion}-requests -f %{pyproject_files}
+%license LICENSE
+%doc README.md HISTORY.md
+
+
+%changelog
+* Thu Mar 28 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 2.25.1-8
+- Rebuilt for MSVSphere 9.4 beta
+
+* Tue Jan 02 2024 Lumír Balhar <lbalhar@redhat.com> - 2.25.1-8
+- Add support for IPv6 CIDR in no_proxy setting
+Resolves: RHEL-17548
+
+* Fri Jun 16 2023 Charalampos Stratakis <cstratak@redhat.com> - 2.25.1-7
+- Security fix for CVE-2023-32681
+Resolves: rhbz#2209469
+
+* Tue Feb 08 2022 Tomáš Hrnčiar <thrnciar@redhat.com> - 2.25.1-6
+- Add automatically generated Obsoletes tag with the python39- prefix
+  for smoother upgrade from RHEL8
+- Related: rhbz#1990421
+
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 2.25.1-5
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Thu Jul 15 2021 Miro Hrončok <mhroncok@redhat.com> - 2.25.1-4
+- Make requests[security] extras a no-op (backported from future 2.26.0)
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.25.1-3
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Mon Mar 08 2021 Charalampos Stratakis <cstratak@redhat.com> - 2.25.1-2
+- Disable tests on RHEL9 to avoid pulling in the test dependencies
+
+* Tue Feb 02 2021 Kevin Fenzi <kevin@scrye.com> - 2.25.1-1
+- Update 2.25.1. Fix is rhbz#1908487
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.25.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Nov 25 2020 Petr Viktorin <pviktori@redhat.com> - 2.25.0-1
+- Update to 2.25.0
+
+* Fri Nov 13 2020 Miro Hrončok <mhroncok@redhat.com> - 2.24.0-5
+- Don't BR pytest-cov
+
+* Fri Sep 18 2020 Petr Viktorin <pviktori@redhat.com> - 2.24.0-4
+- Port to pyproject macros
+
+* Fri Sep 18 2020 Miro Hrončok <mhroncok@redhat.com> - 2.24.0-3
+- Build with pytest 6, older version is no longer required
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.24.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Fri Jul 10 2020 Miro Hrončok <mhroncok@redhat.com> - 2.24.0-1
+- Update to 2.24.0
+- Resolves rhbz#1848104
+
+* Fri Jul 10 2020 Miro Hrončok <mhroncok@redhat.com> - 2.23.0-5
+- Add requests[security] and requests[socks] subpackages
+
+* Sat May 30 2020 Miro Hrončok <mhroncok@redhat.com> - 2.23.0-4
+- Test with pytest 4, drop manual requires
+
+* Mon May 25 2020 Miro Hrončok <mhroncok@redhat.com> - 2.23.0-3
+- Rebuilt for Python 3.9
+
+* Fri May 22 2020 Miro Hrončok <mhroncok@redhat.com> - 2.23.0-2
+- Bootstrap for Python 3.9
+
+* Fri Feb 21 2020 Randy Barlow <bowlofeggs@fedoraproject.org> - 2.23.0-1
+- Update to 2.23.0 (#1804863).
+- https://requests.readthedocs.io/en/latest/community/updates/
+
+* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.22.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Tue Oct 22 2019 Charalampos Stratakis <cstratak@redhat.com> - 2.22.0-7
+- Remove the python2 subpackage (rhbz#1761787)
+
+* Wed Sep 18 2019 Petr Viktorin <pviktori@redhat.com> - 2.22.0-6
+- Python 2: Remove tests and test dependencies
+
+* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 2.22.0-5
+- Rebuilt for Python 3.8
+
+* Thu Aug 15 2019 Miro Hrončok <mhroncok@redhat.com> - 2.22.0-4
+- Bootstrap for Python 3.8
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.22.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Tue Jun 11 2019 Yatin Karel <ykarel@redhat.com> - 2.22.0-2
+- Add minimum requirement for chardet and urllib3
+
+* Thu May 23 2019 Jeremy Cline <jcline@redhat.com> - 2.22.0-1
+- Update to v2.22.0
+
+* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.21.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Thu Dec 13 2018 Jeremy Cline <jeremy@jcline.org> - 2.21.0-1
+- Update to v2.21.0
+- Don't rely on certifi being patched properly to use the system CA bundle
+
+* Mon Nov 26 2018 Miro Hrončok <mhroncok@redhat.com> - 2.20.0-2
+- No pytest-httpbin for Python 2
+
+* Mon Oct 29 2018 Jeremy Cline <jeremy@jcline.org> - 2.20.0-1
+- Update to v2.20.0
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.19.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Mon Jun 18 2018 Miro Hrončok <mhroncok@redhat.com> - 2.19.1-2
+- Rebuilt for Python 3.7
+
+* Thu Jun 14 2018 Jeremy Cline <jeremy@jcline.org> - 2.19.1-1
+- Update to v2.19.1 (rhbz 1591531)
+
+* Thu Jun 14 2018 Miro Hrončok <mhroncok@redhat.com> - 2.19.0-2
+- Bootstrap for Python 3.7
+
+* Tue Jun 12 2018 Jeremy Cline <jeremy@jcline.org> - 2.19.0-1
+- Update to v2.19.0 (rhbz 1590508)
+
+* Fri Jun 08 2018 Jeremy Cline <jeremy@jcline.org> - 2.18.4-6
+- Don't print runtime warning about urllib3 v1.23 (rhbz 1589306)
+
+* Tue Jun 05 2018 Jeremy Cline <jeremy@jcline.org> - 2.18.4-5
+- Allow urllib3 v1.23 (rhbz 1586311)
+
+* Mon Apr 16 2018 Jeremy Cline <jeremy@jcline.org> - 2.18.4-4
+- Stop injecting PyOpenSSL (rhbz 1567862)
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.18.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Mon Dec 11 2017 Iryna Shcherbina <ishcherb@redhat.com> - 2.18.4-2
+- Fix ambiguous Python 2 dependency declarations
+  (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
+
+* Fri Aug 18 2017 Jeremy Cline <jeremy@jcline.org> - 2.18.4-1
+- Update to 2.18.4
+
+* Wed Jul 26 2017 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.18.2-1
+- Update to 2.18.2
+
+* Tue Jun 20 2017 Jeremy Cline <jeremy@jcline.org> - 2.18.1-2
+- Drop the dependency on certifi in setup.py
+
+* Mon Jun 19 2017 Jeremy Cline <jeremy@jcline.org> - 2.18.1-1
+- Update to 2.18.1 (#1449432)
+- Remove tests that require non-local network (#1450608)
+
+* Wed May 17 2017 Jeremy Cline <jeremy@jcline.org> - 2.14.2-1
+- Update to 2.14.2 (#1449432)
+- Switch to autosetup to apply patches
+
+* Sun May 14 2017 Stephen Gallagher <sgallagh@redhat.com> - 2.13.0-2
+- Don't run tests when building as a module
+
+* Thu Feb 09 2017 Jeremy Cline <jeremy@jcline.org> - 2.13.0-1
+- Update to 2.13.0 (#1418138)
+
+* Fri Dec 30 2016 Adam Williamson <awilliam@redhat.com> - 2.12.4-3
+- Include and enable tests (now python-pytest-httpbin is packaged)
+
+* Wed Dec 21 2016 Kevin Fenzi <kevin@scrye.com> - 2.12.4-2
+- Rebuild for Python 3.6 again.
+
+* Tue Dec 20 2016 Jeremy Cline <jeremy@jcline.org> - 2.12.4-1
+- Update to 2.12.4. Fixes #1404680
+
+* Tue Dec 13 2016 Stratakis Charalampos <cstratak@redhat.com> - 2.12.3-2
+- Rebuild for Python 3.6
+
+* Thu Dec 01 2016 Jeremy Cline <jeremy@jcline.org> - 2.12.3-1
+- Update to 2.12.3. Fixes #1400601
+
+* Wed Nov 30 2016 Jeremy Cline <jeremy@jcline.org> - 2.12.2-1
+- Update to 2.12.2
+
+* Wed Nov 23 2016 Jeremy Cline <jeremy@jcline.org> - 2.12.1-2
+- Backport #3713. Fixes #1397149
+
+* Thu Nov 17 2016 Jeremy Cline <jeremy@jcline.org> - 2.12.1-1
+- Update to 2.12.1. Fixes #1395469
+- Unbundle idna, a new upstream dependency
+
+* Sat Aug 27 2016 Kevin Fenzi <kevin@scrye.com> - 2.11.1-1
+- Update to 2.11.1. Fixes #1370814
+
+* Wed Aug 10 2016 Kevin Fenzi <kevin@scrye.com> - 2.11.0-1
+- Update to 2.11.0. Fixes #1365332
+
+* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.10.0-4
+- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
+
+* Fri Jul 15 2016 Ralph Bean <rbean@redhat.com> - 2.10.0-3
+- Update python2 packaging.
+
+* Thu Jun 02 2016 Ralph Bean <rbean@redhat.com> - 2.10.0-2
+- Fix python2 subpackage to comply with guidelines.
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.9.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Mon Dec 21 2015 Ralph Bean <rbean@redhat.com> - 2.9.1-1
+- new version
+
+* Fri Dec 18 2015 Ralph Bean <rbean@redhat.com> - 2.9.0-1
+- new version
+
+* Mon Dec 14 2015 Ralph Bean <rbean@redhat.com> - 2.8.1-1
+- Latest upstream.
+- Bump hard dep on urllib3 to 1.12.
+
+* Mon Nov 02 2015 Robert Kuska <rkuska@redhat.com> - 2.7.0-8
+- Rebuilt for Python3.5 rebuild
+
+* Sat Oct 10 2015 Ralph Bean <rbean@redhat.com> - 2.7.0-7
+- Tell setuptools about what version of urllib3 we're unbundling
+  for https://github.com/kennethreitz/requests/issues/2816
+
+* Thu Sep 17 2015 Ralph Bean <rbean@redhat.com> - 2.7.0-6
+- Replace the provides macro with a plain provides field for now until we can
+  re-organize this package into two different subpackages.
+
+* Thu Sep 17 2015 Ralph Bean <rbean@redhat.com> - 2.7.0-5
+- Remove 'provides: python2-requests' from the python3 subpackage, obviously.
+
+* Tue Sep 15 2015 Ralph Bean <rbean@redhat.com> - 2.7.0-4
+- Employ %%python_provides macro to provide python2-requests.
+
+* Fri Sep 04 2015 Ralph Bean <rbean@redhat.com> - 2.7.0-3
+- Lock down the python-urllib3 version to the specific version we unbundled.
+  https://bugzilla.redhat.com/show_bug.cgi?id=1253823
+
+* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.7.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Mon May 04 2015 Ralph Bean <rbean@redhat.com> - 2.7.0-1
+- new version
+
+* Wed Apr 29 2015 Ralph Bean <rbean@redhat.com> - 2.6.2-1
+- new version
+
+* Thu Apr 23 2015 Ralph Bean <rbean@redhat.com> - 2.6.1-1
+- new version
+
+* Wed Apr 22 2015 Ralph Bean <rbean@redhat.com> - 2.6.0-1
+- new version
+- Remove patch for CVE-2015-2296, now included in the upstream release.
+
+* Mon Mar 16 2015 Ralph Bean <rbean@redhat.com> - 2.5.3-2
+- Backport fix for CVE-2015-2296.
+
+* Thu Feb 26 2015 Ralph Bean <rbean@redhat.com> - 2.5.3-1
+- new version
+
+* Wed Feb 18 2015 Ralph Bean <rbean@redhat.com> - 2.5.1-1
+- new version
+
+* Tue Dec 16 2014 Ralph Bean <rbean@redhat.com> - 2.5.0-3
+- Pin python-urllib3 requirement at 1.10.
+- Fix requirement pinning syntax.
+
+* Thu Dec 11 2014 Ralph Bean <rbean@redhat.com> - 2.5.0-2
+- Do the most basic of tests in the check section.
+
+* Thu Dec 11 2014 Ralph Bean <rbean@redhat.com> - 2.5.0-1
+- Latest upstream, 2.5.0 for #1171068
+
+* Wed Nov 05 2014 Ralph Bean <rbean@redhat.com> - 2.4.3-1
+- Latest upstream, 2.4.3 for #1136283
+
+* Wed Nov 05 2014 Ralph Bean <rbean@redhat.com> - 2.3.0-4
+- Re-do unbundling by symlinking system libs into the requests/packages/ dir.
+
+* Sun Aug  3 2014 Tom Callaway <spot@fedoraproject.org> - 2.3.0-3
+- fix license handling
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Thu May 29 2014 Arun S A G <sagarun@gmail.com> - 2.3.0-1
+- Latest upstream
+
+* Wed May 14 2014 Bohuslav Kabrda <bkabrda@redhat.com> - 2.0.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
+
+* Wed Sep 25 2013 Ralph Bean <rbean@redhat.com> - 2.0.0-1
+- Latest upstream.
+- Add doc macro to the python3 files section.
+- Require python-urllib3 greater than or at 1.7.1.
+
+* Mon Aug 26 2013 Rex Dieter <rdieter@fedoraproject.org> 1.2.3-5
+- fix versioned dep on python-urllib3
+
+* Mon Aug 26 2013 Ralph Bean <rbean@redhat.com> - 1.2.3-4
+- Explicitly versioned the requirements on python-urllib3.
+
+* Thu Aug 22 2013 Ralph Bean <rbean@redhat.com> - 1.2.3-3
+- Release bump for a coupled update with python-urllib3.
+
+* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Mon Jul 01 2013 Ralph Bean <rbean@redhat.com> - 1.2.3-1
+- Latest upstream.
+- Fixed bogus date in changelog.
+
+* Tue Jun 11 2013 Ralph Bean <rbean@redhat.com> - 1.1.0-4
+- Correct a rhel conditional on python-ordereddict
+
+* Thu Feb 28 2013 Ralph Bean <rbean@redhat.com> - 1.1.0-3
+- Unbundled python-urllib3.  Using system python-urllib3 now.
+- Conditionally include python-ordereddict for el6.
+
+* Wed Feb 27 2013 Ralph Bean <rbean@redhat.com> - 1.1.0-2
+- Unbundled python-charade/chardet.  Using system python-chardet now.
+- Removed deprecated comments and actions against oauthlib unbundling.
+  Those are no longer necessary in 1.1.0.
+- Added links to bz tickets over Patch declarations.
+
+* Tue Feb 26 2013 Ralph Bean <rbean@redhat.com> - 1.1.0-1
+- Latest upstream.
+- Relicense to ASL 2.0 with upstream.
+- Removed cookie handling patch (fixed in upstream tarball).
+- Updated cert unbundling patch to match upstream.
+- Added check section, but left it commented out for koji.
+
+* Fri Feb  8 2013 Toshio Kuratomi <toshio@fedoraproject.org> - 0.14.1-4
+- Let brp_python_bytecompile run again, take care of the non-python{2,3} modules
+  by removing them from the python{,3}-requests package that they did not belong
+  in.
+- Use the certificates in the ca-certificates package instead of the bundled one
+  + https://bugzilla.redhat.com/show_bug.cgi?id=904614
+- Fix a problem with cookie handling
+  + https://bugzilla.redhat.com/show_bug.cgi?id=906924
+
+* Mon Oct 22 2012 Arun S A G <sagarun@gmail.com>  0.14.1-1
+- Updated to latest upstream release
+
+* Sun Jun 10 2012 Arun S A G <sagarun@gmail.com> 0.13.1-1
+- Updated to latest upstream release 0.13.1
+- Use system provided ca-certificates
+- No more async requests use grrequests https://github.com/kennethreitz/grequests
+- Remove gevent as it is no longer required by requests
+
+* Sun Apr 01 2012 Arun S A G <sagarun@gmail.com> 0.11.1-1
+- Updated to upstream release 0.11.1
+
+* Thu Mar 29 2012 Arun S A G <sagarun@gmail.com> 0.10.6-3
+- Support building package for EL6
+
+* Tue Mar 27 2012 Rex Dieter <rdieter@fedoraproject.org> 0.10.6-2
+- +python3-requests pkg
+
+* Sat Mar 3 2012 Arun SAG <sagarun@gmail.com> - 0.10.6-1
+- Updated to new upstream version
+
+* Sat Jan 21 2012 Arun SAG <sagarun@gmail.com> - 0.9.3-1
+- Updated to new upstream version 0.9.3
+- Include python-gevent as a dependency for requests.async
+- Clean up shebangs in requests/setup.py,test_requests.py and test_requests_ext.py
+
+* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Sun Nov 27 2011 Arun SAG <sagarun@gmail.com> - 0.8.2-1
+- New upstream version
+- keep alive support
+- complete removal of cookiejar and urllib2
+
+* Thu Nov 10 2011 Arun SAG <sagarun@gmail.com> - 0.7.6-1
+- Updated to new upstream release 0.7.6
+
+* Thu Oct 20 2011 Arun SAG <sagarun@gmail.com> - 0.6.6-1
+- Updated to version 0.6.6
+
+* Fri Aug 26 2011 Arun SAG <sagarun@gmail.com> - 0.6.1-1
+- Updated to version 0.6.1
+
+* Sat Aug 20 2011 Arun SAG <sagarun@gmail.com> - 0.6.0-1
+- Updated to latest version 0.6.0
+
+* Mon Aug 15 2011 Arun SAG <sagarun@gmail.com> - 0.5.1-2
+- Remove OPT_FLAGS from build section since it is a noarch package
+- Fix use of mixed tabs and space
+- Remove extra space around the word cumbersome in description
+
+* Sun Aug 14 2011 Arun SAG <sagarun@gmail.com> - 0.5.1-1
+- Initial package