From 227cefa1261daf20b7d9737541994ec2bba629fc Mon Sep 17 00:00:00 2001 From: Christian Ege Date: Wed, 16 Apr 2025 20:58:05 +0800 Subject: python3-docker: Fix for requests 2.32.0: CVE-2024-35195 backport After backporting the CVE-2024-35195 in poky, parts of python3-requests got updated to 2.32.0 which is incompatible with the current docker-compose command. This patch will fix the following error message: During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/bin/docker-compose", line 8, in sys.exit(main()) File "/usr/lib/python3.10/site-packages/compose/cli/main.py", line 81, in main command_func() File "/usr/lib/python3.10/site-packages/compose/cli/main.py", line 200, in perform_command project = project_from_options('.', options) File "/usr/lib/python3.10/site-packages/compose/cli/command.py", line 60, in project_from_options return get_project( File "/usr/lib/python3.10/site-packages/compose/cli/command.py", line 152, in get_project client = get_client( File "/usr/lib/python3.10/site-packages/compose/cli/docker_client.py", line 41, in get_client client = docker_client( File "/usr/lib/python3.10/site-packages/compose/cli/docker_client.py", line 170, in docker_client client = APIClient(use_ssh_client=not use_paramiko_ssh, **kwargs) File "/usr/lib/python3.10/site-packages/docker/api/client.py", line 197, in __init__ self._version = self._retrieve_server_version() File "/usr/lib/python3.10/site-packages/docker/api/client.py", line 221, in _retrieve_server_version raise DockerException( docker.errors.DockerException: Error while fetching server API version: Not supported URL scheme http+docker Signed-off-by: Christian Ege Reference: https://github.com/graugans/meta-virtualization/commit/4149812ca9581a313de27c45a0f2dfa7bd8f53df Signed-off-by: Libo Chen Signed-off-by: Bruce Ashfield --- .../0001-hotfix-requests-issue.patch | 31 ++++++++++++++++++++++ recipes-devtools/python/python3-docker_5.0.0.bb | 4 +++ 2 files changed, 35 insertions(+) create mode 100644 recipes-devtools/python/python3-docker/0001-hotfix-requests-issue.patch diff --git a/recipes-devtools/python/python3-docker/0001-hotfix-requests-issue.patch b/recipes-devtools/python/python3-docker/0001-hotfix-requests-issue.patch new file mode 100644 index 00000000..70ad8f49 --- /dev/null +++ b/recipes-devtools/python/python3-docker/0001-hotfix-requests-issue.patch @@ -0,0 +1,31 @@ +From 2efec099ad80c18136dc38d9dafd1bb868bf4c90 Mon Sep 17 00:00:00 2001 +From: Felix Fontein +Date: Mon, 20 May 2024 21:08:25 +0200 +Subject: [PATCH] Add hotfix for requests 2.32.0. (#861) + +Upstream-Status: Backport +[https://github.com/ansible-collections/community.docker/commit/ab8b6662c28a2c7b0473d43fcf0b26adb2877ede] + +Signed-off-by: Libo Chen +--- + docker/transport/basehttpadapter.py | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/docker/transport/basehttpadapter.py b/docker/transport/basehttpadapter.py +index 4d819b6..3ffe78b 100644 +--- a/docker/transport/basehttpadapter.py ++++ b/docker/transport/basehttpadapter.py +@@ -6,3 +6,10 @@ class BaseHTTPAdapter(requests.adapters.HTTPAdapter): + super(BaseHTTPAdapter, self).close() + if hasattr(self, 'pools'): + self.pools.clear() ++ ++ # Hotfix for requests 2.32.0: its commit ++ # https://github.com/psf/requests/commit/c0813a2d910ea6b4f8438b91d315b8d181302356 ++ # changes requests.adapters.HTTPAdapter to no longer call get_connection() from ++ # send(), but instead call _get_connection(). ++ def _get_connection(self, request, *args, **kwargs): ++ return self.get_connection(request.url, kwargs.get('proxies')) +-- +2.35.5 + diff --git a/recipes-devtools/python/python3-docker_5.0.0.bb b/recipes-devtools/python/python3-docker_5.0.0.bb index 44d65b05..3ad359c3 100644 --- a/recipes-devtools/python/python3-docker_5.0.0.bb +++ b/recipes-devtools/python/python3-docker_5.0.0.bb @@ -3,6 +3,10 @@ HOMEPAGE = "https://github.com/docker/docker-py" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=34f3846f940453127309b920eeb89660" +SRC_URI:append = " \ + file://0001-hotfix-requests-issue.patch \ +" + SRC_URI[md5sum] = "9cc5156a2ff6458a8f52114b9bbc0d7e" SRC_URI[sha256sum] = "3e8bc47534e0ca9331d72c32f2881bb13b93ded0bcdeab3c833fb7cf61c0a9a5" -- cgit v1.2.3-54-g00ecf