Re: [meta-virtualization] [kirkstone][PATCH] python3-docker: Fix for requests 2.32.0: CVE-2024-35195 backport

[Bruce Ashfield <bruce.ashfield@gmail.com>]

merged to kirskstone.

Bruce

In message: [meta-virtualization] [kirkstone][PATCH] python3-docker: Fix for requests 2.32.0: CVE-2024-35195 backport
on 16/04/2025 Chen, Libo (CN) via lists.yoctoproject.org wrote:

> From: Christian Ege <christian.ege@ifm.com>
> 
> After backporting the CVE-2024-35195 in poky, parts of python3-requests
> got updated to 2.32.0 which is incompatible with the current
> docker-compose command.
> 
> This patch will fix the following error message:
> 
> During handling of the above exception, another exception occurred:
> 
> Traceback (most recent call last):
>   File "/usr/bin/docker-compose", line 8, in <module>
>     sys.exit(main())
>   File "/usr/lib/python3.10/site-packages/compose/cli/main.py", line 81, in main
>     command_func()
>   File "/usr/lib/python3.10/site-packages/compose/cli/main.py", line 200, in perform_command
>     project = project_from_options('.', options)
>   File "/usr/lib/python3.10/site-packages/compose/cli/command.py", line 60, in project_from_options
>     return get_project(
>   File "/usr/lib/python3.10/site-packages/compose/cli/command.py", line 152, in get_project
>     client = get_client(
>   File "/usr/lib/python3.10/site-packages/compose/cli/docker_client.py", line 41, in get_client
>     client = docker_client(
>   File "/usr/lib/python3.10/site-packages/compose/cli/docker_client.py", line 170, in docker_client
>     client = APIClient(use_ssh_client=not use_paramiko_ssh, **kwargs)
>   File "/usr/lib/python3.10/site-packages/docker/api/client.py", line 197, in __init__
>     self._version = self._retrieve_server_version()
>   File "/usr/lib/python3.10/site-packages/docker/api/client.py", line 221, in _retrieve_server_version
>     raise DockerException(
> docker.errors.DockerException: Error while fetching server API version: Not supported URL scheme http+docker
> 
> Signed-off-by: Christian Ege <christian.ege@ifm.com>
> 
> Reference: https://github.com/graugans/meta-virtualization/commit/4149812ca9581a313de27c45a0f2dfa7bd8f53df
> 
> Signed-off-by: Libo Chen <libo.chen.cn@windriver.com>
> ---
>  .../0001-hotfix-requests-issue.patch          | 31 +++++++++++++++++++
>  .../python/python3-docker_5.0.0.bb            |  4 +++
>  2 files changed, 35 insertions(+)
>  create mode 100644 recipes-devtools/python/python3-docker/0001-hotfix-requests-issue.patch
> 
> diff --git a/recipes-devtools/python/python3-docker/0001-hotfix-requests-issue.patch b/recipes-devtools/python/python3-docker/0001-hotfix-requests-issue.patch
> new file mode 100644
> index 00000000..70ad8f49
> --- /dev/null
> +++ b/recipes-devtools/python/python3-docker/0001-hotfix-requests-issue.patch
> @@ -0,0 +1,31 @@
> +From 2efec099ad80c18136dc38d9dafd1bb868bf4c90 Mon Sep 17 00:00:00 2001
> +From: Felix Fontein <felix@fontein.de>
> +Date: Mon, 20 May 2024 21:08:25 +0200
> +Subject: [PATCH] Add hotfix for requests 2.32.0. (#861)
> +
> +Upstream-Status: Backport
> +[https://github.com/ansible-collections/community.docker/commit/ab8b6662c28a2c7b0473d43fcf0b26adb2877ede]
> +
> +Signed-off-by: Libo Chen <libo.chen.cn@windriver.com>
> +---
> + docker/transport/basehttpadapter.py | 7 +++++++
> + 1 file changed, 7 insertions(+)
> +
> +diff --git a/docker/transport/basehttpadapter.py b/docker/transport/basehttpadapter.py
> +index 4d819b6..3ffe78b 100644
> +--- a/docker/transport/basehttpadapter.py
> ++++ b/docker/transport/basehttpadapter.py
> +@@ -6,3 +6,10 @@ class BaseHTTPAdapter(requests.adapters.HTTPAdapter):
> +         super(BaseHTTPAdapter, self).close()
> +         if hasattr(self, 'pools'):
> +             self.pools.clear()
> ++
> ++    # Hotfix for requests 2.32.0: its commit
> ++    # https://github.com/psf/requests/commit/c0813a2d910ea6b4f8438b91d315b8d181302356
> ++    # changes requests.adapters.HTTPAdapter to no longer call get_connection() from
> ++    # send(), but instead call _get_connection().
> ++    def _get_connection(self, request, *args, **kwargs):
> ++        return self.get_connection(request.url, kwargs.get('proxies'))
> +-- 
> +2.35.5
> +
> diff --git a/recipes-devtools/python/python3-docker_5.0.0.bb b/recipes-devtools/python/python3-docker_5.0.0.bb
> index 44d65b05..3ad359c3 100644
> --- a/recipes-devtools/python/python3-docker_5.0.0.bb
> +++ b/recipes-devtools/python/python3-docker_5.0.0.bb
> @@ -3,6 +3,10 @@ HOMEPAGE = "https://github.com/docker/docker-py"
>  LICENSE = "Apache-2.0"
>  LIC_FILES_CHKSUM = "file://LICENSE;md5=34f3846f940453127309b920eeb89660"
>  
> +SRC_URI:append = " \
> +                file://0001-hotfix-requests-issue.patch \
> +"
> +
>  SRC_URI[md5sum] = "9cc5156a2ff6458a8f52114b9bbc0d7e"
>  SRC_URI[sha256sum] = "3e8bc47534e0ca9331d72c32f2881bb13b93ded0bcdeab3c833fb7cf61c0a9a5"
>  
> -- 
> 2.34.1
> 

> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#9229): https://lists.yoctoproject.org/g/meta-virtualization/message/9229
> Mute This Topic: https://lists.yoctoproject.org/mt/112294119/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>