!36 update to v3.2.2

From: @xiezhipeng1 
Reviewed-by: @licihua 
Signed-off-by: @licihua

backport-Add-check-of-performance-of-ipv6-check.patch

@@ -1,28 +0,0 @@
-From e514826eea15f2b62bbc13da407b71552ef5ff4c Mon Sep 17 00:00:00 2001
-From: Jonathan Huot <jonathan.huot@gmail.com>
-Date: Fri, 2 Sep 2022 23:22:17 +0200
-Subject: [PATCH] Add check of performance of ipv6 check
-
----
- tests/test_uri_validate.py | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/tests/test_uri_validate.py b/tests/test_uri_validate.py
-index 3489d95..1ef8b1f 100644
---- a/tests/test_uri_validate.py
-+++ b/tests/test_uri_validate.py
-@@ -31,3 +31,11 @@ class UriValidateTest(TestCase):
-         self.assertIsNone(is_absolute_uri('wrong'))
-         self.assertIsNone(is_absolute_uri('http://[:1]:38432/path'))
-         self.assertIsNone(is_absolute_uri('http://[abcd:efgh::1]/'))
-+
-+    def test_recursive_regex(self):
-+        from datetime import datetime
-+        t0 = datetime.now()
-+        self.assertIsNone(is_absolute_uri('http://[::::::::::::::::::::::::::]/path'))
-+        t1 = datetime.now()
-+        spent = t1 - t0
-+        self.assertGreater(0.1, spent.total_seconds(), "possible recursive loop detected")
--- 
-2.33.0
-

backport-CVE-2022-36087.patch

@@ -1,115 +0,0 @@
-From 5d85c61998692643dd9d17e05d2646e06ce391e8 Mon Sep 17 00:00:00 2001
-From: Jonathan Huot <jonathan.huot@gmail.com>
-Date: Tue, 6 Sep 2022 21:56:40 +0200
-Subject: [PATCH] Fix IPV6 regex used to check redirect_uri
-
----
- oauthlib/uri_validate.py   |  2 +-
- tests/test_uri_validate.py | 51 +++++++++++++++++++++++++++++++++++---
- 2 files changed, 48 insertions(+), 5 deletions(-)
-
-diff --git a/oauthlib/uri_validate.py b/oauthlib/uri_validate.py
-index 8a6d9c2..a6fe0fb 100644
---- a/oauthlib/uri_validate.py
-+++ b/oauthlib/uri_validate.py
-@@ -66,7 +66,7 @@ IPv4address = r"%(dec_octet)s \. %(dec_octet)s \. %(dec_octet)s \. %(dec_octet)s
- )
- 
- #   IPv6address
--IPv6address = r"([A-Fa-f0-9:]+:+)+[A-Fa-f0-9]+"
-+IPv6address = r"([A-Fa-f0-9:]+[:$])[A-Fa-f0-9]{1,4}"
- 
- #   IPvFuture     = "v" 1*HEXDIG "." 1*( unreserved / sub-delims / ":" )
- IPvFuture = r"v %(HEXDIG)s+ \. (?: %(unreserved)s | %(sub_delims)s | : )+" % locals()
-diff --git a/tests/test_uri_validate.py b/tests/test_uri_validate.py
-index 1ef8b1f..6a9f8ea 100644
---- a/tests/test_uri_validate.py
-+++ b/tests/test_uri_validate.py
-@@ -1,4 +1,4 @@
--import oauthlib
-+import unittest
- from oauthlib.uri_validate import is_absolute_uri
- 
- from tests.unittest import TestCase
-@@ -7,7 +7,6 @@ from tests.unittest import TestCase
- class UriValidateTest(TestCase):
- 
-     def test_is_absolute_uri(self):
--
-         self.assertIsNotNone(is_absolute_uri('schema://example.com/path'))
-         self.assertIsNotNone(is_absolute_uri('https://example.com/path'))
-         self.assertIsNotNone(is_absolute_uri('https://example.com'))
-@@ -17,16 +16,60 @@ class UriValidateTest(TestCase):
-         self.assertIsNotNone(is_absolute_uri('http://example.com'))
-         self.assertIsNotNone(is_absolute_uri('http://example.com/path'))
-         self.assertIsNotNone(is_absolute_uri('http://example.com:80/path'))
--        self.assertIsNotNone(is_absolute_uri('com.example.bundle.id:/'))
-+
-+    def test_query(self):
-+        self.assertIsNotNone(is_absolute_uri('http://example.com:80/path?foo'))
-+        self.assertIsNotNone(is_absolute_uri('http://example.com:80/path?foo=bar'))
-+        self.assertIsNotNone(is_absolute_uri('http://example.com:80/path?foo=bar&fruit=banana'))
-+
-+    def test_fragment_forbidden(self):
-+        self.assertIsNone(is_absolute_uri('http://example.com:80/path#foo'))
-+        self.assertIsNone(is_absolute_uri('http://example.com:80/path#foo=bar'))
-+        self.assertIsNone(is_absolute_uri('http://example.com:80/path#foo=bar&fruit=banana'))
-+
-+    def test_combined_forbidden(self):
-+        self.assertIsNone(is_absolute_uri('http://example.com:80/path?foo#bar'))
-+        self.assertIsNone(is_absolute_uri('http://example.com:80/path?foo&bar#fruit'))
-+        self.assertIsNone(is_absolute_uri('http://example.com:80/path?foo=1&bar#fruit=banana'))
-+        self.assertIsNone(is_absolute_uri('http://example.com:80/path?foo=1&bar=2#fruit=banana&bar=foo'))
-+
-+    def test_custom_scheme(self):
-+        self.assertIsNotNone(is_absolute_uri('com.example.bundle.id://'))
-+
-+    def test_ipv6_bracket(self):
-         self.assertIsNotNone(is_absolute_uri('http://[::1]:38432/path'))
-         self.assertIsNotNone(is_absolute_uri('http://[::1]/path'))
-         self.assertIsNotNone(is_absolute_uri('http://[fd01:0001::1]/path'))
-         self.assertIsNotNone(is_absolute_uri('http://[fd01:1::1]/path'))
-         self.assertIsNotNone(is_absolute_uri('http://[0123:4567:89ab:cdef:0123:4567:89ab:cdef]/path'))
-+        self.assertIsNotNone(is_absolute_uri('http://[0123:4567:89ab:cdef:0123:4567:89ab:cdef]:8080/path'))
-+
-+    @unittest.skip("ipv6 edge-cases not supported")
-+    def test_ipv6_edge_cases(self):
-+        self.assertIsNotNone(is_absolute_uri('http://2001:db8::'))
-+        self.assertIsNotNone(is_absolute_uri('http://::1234:5678'))
-+        self.assertIsNotNone(is_absolute_uri('http://2001:db8::1234:5678'))
-+        self.assertIsNotNone(is_absolute_uri('http://2001:db8:3333:4444:5555:6666:7777:8888'))
-+        self.assertIsNotNone(is_absolute_uri('http://2001:db8:3333:4444:CCCC:DDDD:EEEE:FFFF'))
-+        self.assertIsNotNone(is_absolute_uri('http://0123:4567:89ab:cdef:0123:4567:89ab:cdef/path'))
-+        self.assertIsNotNone(is_absolute_uri('http://::'))
-+        self.assertIsNotNone(is_absolute_uri('http://2001:0db8:0001:0000:0000:0ab9:C0A8:0102'))
-+
-+    @unittest.skip("ipv6 dual ipv4 not supported")
-+    def test_ipv6_dual(self):
-+        self.assertIsNotNone(is_absolute_uri('http://2001:db8:3333:4444:5555:6666:1.2.3.4'))
-+        self.assertIsNotNone(is_absolute_uri('http://::11.22.33.44'))
-+        self.assertIsNotNone(is_absolute_uri('http://2001:db8::123.123.123.123'))
-+        self.assertIsNotNone(is_absolute_uri('http://::1234:5678:91.123.4.56'))
-+        self.assertIsNotNone(is_absolute_uri('http://::1234:5678:1.2.3.4'))
-+        self.assertIsNotNone(is_absolute_uri('http://2001:db8::1234:5678:5.6.7.8'))
-+
-+    def test_ipv4(self):
-         self.assertIsNotNone(is_absolute_uri('http://127.0.0.1:38432/'))
-         self.assertIsNotNone(is_absolute_uri('http://127.0.0.1:38432/'))
-         self.assertIsNotNone(is_absolute_uri('http://127.1:38432/'))
- 
-+    def test_failures(self):
-         self.assertIsNone(is_absolute_uri('http://example.com:notaport/path'))
-         self.assertIsNone(is_absolute_uri('wrong'))
-         self.assertIsNone(is_absolute_uri('http://[:1]:38432/path'))
-@@ -35,7 +78,7 @@ class UriValidateTest(TestCase):
-     def test_recursive_regex(self):
-         from datetime import datetime
-         t0 = datetime.now()
--        self.assertIsNone(is_absolute_uri('http://[::::::::::::::::::::::::::]/path'))
-+        is_absolute_uri('http://[::::::::::::::::::::::::::]/path')
-         t1 = datetime.now()
-         spent = t1 - t0
-         self.assertGreater(0.1, spent.total_seconds(), "possible recursive loop detected")
--- 
-2.33.0
-

python-oauthlib.spec

@@ -1,14 +1,11 @@
 %global _empty_manifest_terminate_build 0
 Name:           python-oauthlib
-Version:        3.2.0
+Version:        3.2.2
-Release:        2
+Release:        1
 Summary:        A generic, spec-compliant, thorough implementation of the OAuth request-signing logic
 License:        BSD
 URL:            https://github.com/oauthlib/oauthlib
-Source0:        https://files.pythonhosted.org/packages/6e/7e/a43cec8b2df28b6494a865324f0ac4be213cb2edcf1e2a717547a93279b0/oauthlib-3.2.0.tar.gz
+Source0:        https://github.com/oauthlib/oauthlib/archive/refs/tags/v%{version}.tar.gz#/oauthlib-%{version}.tar.gz
-
-Patch6000:      backport-Add-check-of-performance-of-ipv6-check.patch
-Patch6001:      backport-CVE-2022-36087.patch
 
 BuildArch:      noarch
 %description
@@ -102,6 +99,12 @@ mv %{buildroot}/doclist.lst .
 %{_docdir}/*
 
 %changelog
+* Thu Jan 19 2023 Zhipeng Xie <xiezhipeng1@huawei.com> - 3.2.2-1
+- Type: requirement
+- CVE: NA
+- SUG: NA
+- DESC: update to 3.2.2
+
 * Mon Sep 26 2022 zhuofeng<zhuofeng2@huawei.com> - 3.2.0-2
 - Type:CVE
 - CVE:CVE-2022-36087