------------------------------------------------------------------- Fri Aug 23 08:31:44 UTC 2024 - Victor Zhestkov - Add CVE-2024-37891.patch (bsc#1226469, bsc#1229654) - Remove strict OpenSSL 1.1.1 version checking - Update to 2.0.7 (bsc#1216377, CVE-2023-45803): * Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. - Update Buildrequires to upstream list. - Update to 2.0.6 (bsc#1215968, CVE-2023-43804): * Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect - Update to 2.0.5: * Allowed pyOpenSSL third-party module without any deprecation warning. #3126 * Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. #3066 - Update to 2.0.4: * Added support for union operators to ``HTTPHeaderDict`` * Added ``BaseHTTPResponse`` to ``urllib3.__all__`` (`#3078 * Fixed ``urllib3.connection.HTTPConnection`` to raise the ``http.client.connect`` audit event to have the same behavior as the standard library HTTP client * Relied on the standard library for checking hostnames in supported PyPy releases - Disable test_deprecated_no_scheme so it needs network connection to run correctly. - Update to 2.0.3: * Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. * Deprecated URLs which don't have an explicit scheme * Fixed response decoding with Zstandard when compressed data is made of several frames. * Fixed ``assert_hostname=False`` to correctly skip hostname check. - Update to 2.0.2: * Fixed ``HTTPResponse.stream()`` to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. - Update to 2.0.1: * Fixed a socket leak when fingerprint or hostname verifications fail. * Fixed an error when HTTPResponse.read(0) was the first read call or when the internal response body buffer was otherwise empty. * Removed support for Python 2.7, 3.5, and 3.6. * Removed fallback on certificate commonName in match_hostname() function. * Removed support for Python with an ssl module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. * Removed support for OpenSSL versions earlier than 1.1.1. * Removed urllib3.contrib.appengine.AppEngineManager and support for Google App Engine Standard Environment. * Changed ssl_version to instead set the corresponding SSLContext.minimum_version and SSLContext.maximum_version values. * Changed default SSLContext.minimum_version to be TLSVersion.TLSv1_2 in line with Python 3.10. * Changed urllib3.util.create_urllib3_context to not override the system cipher suites with a default value. * Changed multipart/form-data header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. * Changed HTTPConnection.request() to always use lowercase chunk boundaries when sending requests with Transfer-Encoding: chunked. * Changed enforce_content_length default to True, preventing silent data loss when reading streamed responses. * Changed all parameters in the HTTPConnection and HTTPSConnection constructors to be keyword-only except host and port. * Changed HTTPConnection.getresponse() to set the socket timeout from HTTPConnection.timeout value before reading data from the socket. * Changed name of Retry.BACK0FF_MAX to be Retry.DEFAULT_BACKOFF_MAX. * Changed TLS handshakes to use SSLContext.check_hostname when possible. * Changed the default blocksize to 16KB to match OpenSSL's default read amounts. * Changed HTTPResponse.read() to raise an error when calling with decode_content=False after using decode_content=True to prevent data loss. * Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress. * Fixed the default value of HTTPSConnection.socket_options to match HTTPConnection. * Fixed a socket leak if HTTPConnection.connect() fails. - Drop patch remove_mock.patch, included upstream. - Fiddle with {Build,}Requires as appropiate, six finally dropped. - Added: * CVE-2024-37891.patch * no-strict-OpenSSL-1.1.1.patch - Removed: * openssl-3.2.patch * remove_mock.patch ------------------------------------------------------------------- Mon Mar 4 11:11:14 UTC 2024 - Victor Zhestkov - Add upstream patch openssl-3.2.patch, to fix tests with opennssl 3.2.0, gh#urllib3/urllib3#3271 ------------------------------------------------------------------- Sun Dec 17 18:05:42 UTC 2023 - Victor Zhestkov - Update to 1.26.18 (bsc#1216377, CVE-2023-45803): * Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. - Update to 1.26.17 (bsc#1215968, CVE-2023-43804): * Added the Cookie header to the list of headers to strip from * requests when redirecting to a different host. As before, * different headers can be set via Retry.remove_headers_on_redirect. - Update to 1.26.16: * Fixed thread-safety issue where accessing a ``PoolManager`` with many distinct origins would cause connection pools to be closed while requests are in progress - Update to 1.26.15: * Fix socket timeout value when ``HTTPConnection`` is reused * Remove "!" character from the unreserved characters in IPv6 Zone ID parsing * Fix IDNA handling of '<80>' byte - Update to 1.26.14: * Fixed parsing of port 0 (zero) returning None, instead of 0. * Removed deprecated getheaders() calls in contrib module. - Update to 1.26.13 * Deprecated the ``HTTPResponse.getheaders()`` and ``HTTPResponse.getheader()`` methods. * Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid. * Fixed a deprecation warning when using cryptography v39.0.0. * Removed the ``<4`` in the ``Requires-Python`` packaging metadata field. - Update to 1.26.12: * Deprecated the `urllib3[secure]` extra and the `urllib3.contrib.pyopenssl` module. Both will be removed in v2.x. See this `GitHub issue `_ for justification and info on how to migrate. - Update to 1.26.11 * Fix OverflowError when TLS is used on some Python versions - Update to 1.26.10: * Removed support for Python 3.5 * Fixed an issue where a ``ProxyError`` recommending configuring the proxy as HTTP instead of HTTPS could appear even when an HTTPS proxy wasn't configured. - Update to 1.26.9: * Changed ``urllib3[brotli]`` extra to favor installing Brotli libraries that are still receiving updates like ``brotli`` and ``brotlicffi`` instead of ``brotlipy``. This change does not impact behavior of urllib3, only which dependencies are installed. * Fixed a socket leaking when ``HTTPSConnection.connect()`` raises an exception. * Fixed ``server_hostname`` being forwarded from ``PoolManager`` to ``HTTPConnectionPool`` when requesting an HTTP URL. Should only be forwarded when requesting an HTTPS URL. - Update to 1.26.8: * Added extra message to``urllib3.exceptions.ProxyError`` when urllib3 detects that a proxy is configured to use HTTPS but the proxy itself appears to only use HTTP. * Added a mention of the size of the connection pool when discarding a connection due to the pool being full. * Added explicit support for Python 3.11. * Deprecated the ``Retry.MAX_BACKOFF`` class property in favor of ``Retry.DEFAULT_MAX_BACKOFF`` to better match the rest of the default parameter names. ``Retry.MAX_BACKOFF`` is removed in v2.0. * Changed location of the vendored ``ssl.match_hostname`` function from ``urllib3.packages.ssl_match_hostname`` to ``urllib3.util.ssl_match_hostname`` to ensure Python 3.10+ compatibility after being repackaged by downstream distributors. * Fixed absolute imports, all imports are now relative. - Update to 1.26.7: * Fixed a bug with HTTPS hostname verification involving IP addresses and lack of SNI. * Fixed a bug where IPv6 braces weren't stripped during certificate hostname matching. - Update to 1.26.6 * Deprecated the urllib3.contrib.ntlmpool module. * Changed HTTPConnection.request_chunked() to not erroneously emit multiple Transfer-Encoding headers in the case that one is already specified. * Fixed typo in deprecation message to recommend Retry.DEFAULT_ALLOWED_METHODS. - Update to 1.26.5 (bsc#1187045, CVE-2021-33503): * Fixed deprecation warnings emitted in Python 3.10. * Updated vendored ``six`` library to 1.16.0. * Improved performance of URL parser when splitting the authority component. - Update to 1.26.4: * Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``. - Update to 1.26.3: * Fixed bytes and string comparison issue with headers (Pull #2141) * Changed ``ProxySchemeUnknown`` error message to be more actionable if the user supplies a proxy URL without a scheme. (Pull #2107) - Update to 1.26.2: * Fixed an issue where ``wrap_socket`` and ``CERT_REQUIRED`` wouldn't be imported properly on Python 2.7.8 and earlier (Pull #2052) * Fixed an issue where two ``User-Agent`` headers would be sent if a ``User-Agent`` header key is passed as ``bytes`` (Pull #2047) * Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806) * Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that still wish to use TLS earlier than 1.2 without a deprecation warning should opt-in explicitly by setting ``ssl_version=ssl.PROTOCOL_TLSv1_1`` (Pull #2002) **Starting in urllib3 v2.0: Connections that receive a ``DeprecationWarning`` will fail** * Deprecated ``Retry`` options ``Retry.DEFAULT_METHOD_WHITELIST``, ``Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST`` and ``Retry(method_whitelist=...)`` in favor of ``Retry.DEFAULT_ALLOWED_METHODS``, ``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)`` (Pull #2000) * Starting in urllib3 v2.0: Deprecated options will be removed * Added default ``User-Agent`` header to every request (Pull #1750) * Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``, and ``Host`` headers from being automatically emitted with requests (Pull #2018) * Collapse ``transfer-encoding: chunked`` request data and framing into the same ``socket.send()`` call (Pull #1906) * Send ``http/1.1`` ALPN identifier with every TLS handshake by default (Pull #1894) * Properly terminate SecureTransport connections when CA verification fails (Pull #1977) * Don't emit an ``SNIMissingWarning`` when passing ``server_hostname=None`` to SecureTransport (Pull #1903) * Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3 (Pull #1970) * Suppress ``BrokenPipeError`` when writing request body after the server has closed the socket (Pull #1524) * Wrap ``ssl.SSLError`` that can be raised from reading a socket (e.g. "bad MAC") into an ``urllib3.exceptions.SSLError`` (Pull #1939) * Fix retry backoff time parsed from ``Retry-After`` header when given in the HTTP date format. The HTTP date was parsed as the local timezone rather than accounting for the timezone in the HTTP date (typically UTC) (Pull #1932, Pull #1935, Pull #1938, Pull #1949) - Add remove_mock.patch to remove dependency on the external mock package (gh#urllib3/urllib3#2108). - Added: * remove_mock.patch - Removed: * CVE-2021-33503.patch * CVE-2023-43804.patch * ssl_match_hostname_py3.py ------------------------------------------------------------------- Mon Oct 9 07:59:44 UTC 2023 - Daniel Garcia - Add CVE-2023-43804.patch (bsc#1215968, CVE-2023-43804) gh#urllib3/urllib3#3139 * Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. ------------------------------------------------------------------- Wed Oct 5 14:27:23 UTC 2022 - Victor Zhestkov - Explicitly use ssl for ssl_match_hostname_py3 implementation - Added: * ssl_match_hostname_py3.py ------------------------------------------------------------------- Mon Apr 4 13:10:56 UTC 2022 - Victor Zhestkov - Strictly require Python 3.10 with saltbundlepy requrement ------------------------------------------------------------------- Fri Jun 11 09:56:52 UTC 2021 - Johannes Grassler - Add CVE-2021-33503.patch (bsc#1187045, CVE-2021-33503) * Improve performance of sub-authority splitting in URL ------------------------------------------------------------------- Fri Jan 1 13:20:04 UTC 2021 - Benjamin Greiner - Skip test for RECENT_DATE. It is a test purely for developers. To maintain reproducibility, keep upstreams possibly outdated RECENT_DATE in the source code. ------------------------------------------------------------------- Thu Dec 17 18:13:57 UTC 2020 - Matej Cepl - Add CI variable, which makes timeouts in the test suite longer (gh#urllib3/urllib3#2109, bsc#1176389) and test_timeout_errors_cause_retries should not fail. ------------------------------------------------------------------- Wed Sep 9 16:49:22 UTC 2020 - Alberto Planas Dominguez - Generate pyc for ssl_match_hostname too ------------------------------------------------------------------- Tue Aug 4 16:09:35 UTC 2020 - Dirk Mueller - update to 1.25.10: * Added support for ``SSLKEYLOGFILE`` environment variable for logging TLS session keys with use with programs like Wireshark for decrypting captured web traffic (Pull #1867) * Fixed loading of SecureTransport libraries on macOS Big Sur due to the new dynamic linker cache (Pull #1905) * Collapse chunked request bodies data and framing into one call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906) * Don't insert ``None`` into ``ConnectionPool`` if the pool was empty when requesting a connection (Pull #1866) * Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858) ------------------------------------------------------------------- Tue Jun 2 17:19:23 UTC 2020 - Dirk Mueller - update to 1.25.9 (bsc#1177120, CVE-2020-26137): * Added ``InvalidProxyConfigurationWarning`` which is raised when erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently support connecting to HTTPS proxies but will soon be able to and we would like users to migrate properly without much breakage. * Drain connection after ``PoolManager`` redirect (Pull #1817) * Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull #1812) * Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull #1805) * Allow the CA certificate data to be passed as a string (Pull #1804) * Raise ``ValueError`` if method contains control characters (Pull #1800) * Add ``__repr__`` to ``Timeout`` (Pull #1795) ------------------------------------------------------------------- Tue Apr 21 21:07:06 UTC 2020 - Matej Cepl - Explicitly switch off building python 2 version. ------------------------------------------------------------------- Fri Feb 7 15:24:03 UTC 2020 - Marketa Calabkova - update to 1.25.8 * Drop support for EOL Python 3.4 * Optimize _encode_invalid_chars * Preserve chunked parameter on retries * Allow unset SERVER_SOFTWARE in App Engine * Fix issue where URL fragment was sent within the request target. * Fix issue where an empty query section in a URL would fail to parse. * Remove TLS 1.3 support in SecureTransport due to Apple removing support. ------------------------------------------------------------------- Tue Oct 15 10:53:45 UTC 2019 - Ralf Haferkamp - Require a new enough release of python-six. 1.25.6 needs at least 1.12.0 for ensure_text() and friends. ------------------------------------------------------------------- Wed Oct 2 13:18:36 UTC 2019 - Tomáš Chvátal - Updae to 1.25.6: * Fix issue where tilde (~) characters were incorrectly percent-encoded in the path. (Pull #1692) ------------------------------------------------------------------- Fri Sep 27 10:39:28 UTC 2019 - Tomáš Chvátal - Restrict the tornado dep from tom to 5 or older release as the 6.x changed the API ------------------------------------------------------------------- Fri Sep 20 12:14:13 UTC 2019 - Tomáš Chvátal - Update to 1.25.5: * Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which caused certificate verification to be enabled when using cert_reqs=CERT_NONE. (Issue #1682) * Propagate Retry-After header settings to subsequent retries. (Pull #1607) * Fix edge case where Retry-After header was still respected even when explicitly opted out of. (Pull #1607) * Remove dependency on rfc3986 for URL parsing. * Fix issue where URLs containing invalid characters within Url.auth would raise an exception instead of percent-encoding those characters. * Add support for HTTPResponse.auto_close = False which makes HTTP responses work well with BufferedReaders and other io module features. (Pull #1652) * Percent-encode invalid characters in URL for HTTPConnectionPool.request() (Pull #1673) - Drop patch urllib3-ssl-default-context.patch - Drop patch python-urllib3-recent-date.patch the date is recent enough on its own ------------------------------------------------------------------- Sat Sep 14 02:58:42 UTC 2019 - John Vandenberg - Use have/skip_python2/3 macros to allow building only one flavour ------------------------------------------------------------------- Mon Jul 22 07:54:44 UTC 2019 - Tomáš Chvátal - Use old pytest 3.x as newer do not work with this release * this will be fixed with next release, just spread among numerous fixes in the git for quick backporting ------------------------------------------------------------------- Fri Jun 21 06:23:36 UTC 2019 - Dominique Leuenberger - Fixup pre script: the migration issue happens when changing from python-urllib3 to python2-urllib3: the number of installed instances of python2-urlliib3 is at this moment 1, unlike in regular updates. This is due to a name change, which consists not of a pure package update. ------------------------------------------------------------------- Thu Jun 20 07:33:55 UTC 2019 - Dominique Leuenberger - Provides/Obsoletes does not fix the issue: we have a directory-to-symlink switch, which cannot be handled by RPM internally. Assist using pre script (boo#1138715). ------------------------------------------------------------------- Wed Jun 19 15:58:19 UTC 2019 - Stefan Brüns - Fix Upgrade from Leap 42.1/42.2 by adding Obsoletes/Provides: python-urllib3, fixes boo#1138746 ------------------------------------------------------------------- Fri Jun 7 11:40:05 UTC 2019 - Tomáš Chvátal - Skip test_source_address_error as we raise different error with fixes that we provide in new python2/3 ------------------------------------------------------------------- Wed May 29 08:59:29 UTC 2019 - Tomáš Chvátal - Add more test to skip as with new openssl some behaviour changed and we can't rely on them anymore ------------------------------------------------------------------- Wed May 29 08:20:27 UTC 2019 - Tomáš Chvátal - Unbundle the six, rfc3986, and backports.ssl_match_hostname - Add missing dependency on python-six (bsc#1150895) ------------------------------------------------------------------- Fri May 24 19:16:21 UTC 2019 - Tomáš Chvátal - Update to 1.25.3: * Change HTTPSConnection to load system CA certificates when ca_certs, ca_cert_dir, and ssl_context are unspecified. (Pull #1608, Issue #1603) * Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605) ------------------------------------------------------------------- Mon May 6 11:18:36 UTC 2019 - Tomáš Chvátal - Update to 1.25.2: * Change is_ipaddress to not detect IPvFuture addresses. (Pull #1583) * Change parse_url to percent-encode invalid characters within the path, query, and target components. (Pull #1586) * Add support for Google's Brotli package. (Pull #1572, Pull #1579) * Upgrade bundled rfc3986 to v1.3.1 (Pull #1578) - Require all the deps from the secure list rather than Recommend. This makes the check to be run always and ensure the urls are "secure". - Remove ndg-httpsclient as it is not needed since 2015 ------------------------------------------------------------------- Tue Apr 23 10:27:36 UTC 2019 - Tomáš Chvátal - Add missing dependency on brotlipy - Fix the tests to pass again ------------------------------------------------------------------- Tue Apr 23 04:04:50 UTC 2019 - Thomas Bechtold - update to 1.25 (bsc#1132663, bsc#1129071, CVE-2019-9740, CVE-2019-11236): * Require and validate certificates by default when using HTTPS * Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant. * Added support for ``key_password`` for ``HTTPSConnectionPool`` to use encrypted ``key_file`` without creating your own ``SSLContext`` object. * Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext`` implementations. (Pull #1496) * Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft. * Fixed issue where OpenSSL would block if an encrypted client private key was given and no password was given. Instead an ``SSLError`` is raised. * Added support for Brotli content encoding. It is enabled automatically if ``brotlipy`` package is installed which can be requested with ``urllib3[brotli]`` extra. * Drop ciphers using DSS key exchange from default TLS cipher suites. Improve default ciphers when using SecureTransport. * Implemented a more efficient ``HTTPResponse.__iter__()`` method. - Drop urllib3-test-ssl-drop-sslv3.patch . No longer needed ------------------------------------------------------------------- Thu Apr 18 00:02:07 CEST 2019 - Matej Cepl - Update to 1.24.2 (bsc#1132900, CVE-2019-11324): - Implemented a more efficient HTTPResponse.__iter__() method. (Issue #1483) - Upgraded urllib3.utils.parse_url() to be RFC 3986 compliant. (Pull #1487) - Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510) - Added support for key_password for HTTPSConnectionPool to use encrypted key_file without creating your own SSLContext object. (Pull #1489) - Fixed issue where OpenSSL would block if an encrypted client private key was given and no password was given. Instead an SSLError is raised. (Pull #1489) - Require and validate certificates by default when using HTTPS (Pull #1507) - Added support for Brotli content encoding. It is enabled automatically if brotlipy package is installed which can be requested with urllib3[brotli] extra. (Pull #1532) - Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport SSLContext implementations. (Pull #1496) - Drop ciphers using DSS key exchange from default TLS cipher suites. Improve default ciphers when using SecureTransport. (Pull #1496) - Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269) - Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft. (Issue #303, PR #1492) ------------------------------------------------------------------- Sun Dec 30 18:20:59 CET 2018 - mcepl@suse.com - Update to 1.24.1: * Remove quadratic behavior within GzipDecoder.decompress() (Issue #1467) * Restored functionality of ciphers parameter for create_urllib3_context(). (Issue #1462) ------------------------------------------------------------------- Thu Nov 1 14:14:34 UTC 2018 - Tomáš Chvátal - Update to 1.24: * Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449) * Test against Python 3.7 on AppVeyor. (Pull #1453) * Early-out ipv6 checks when running on App Engine. (Pull #1450) * Change ambiguous description of backoff_factor (Pull #1436) * Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442) * Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405). * Add a server_hostname parameter to HTTPSConnection which allows for overriding the SNI hostname sent in the handshake. (Pull #1397) * Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430) * Fixed bug where responses with header Content-Type: message/* erroneously raised HeaderParsingError, resulting in a warning being logged. (Pull #1439) * Move urllib3 to src/urllib3 (Pull #1409) - Drop patch 1414.patch merged upstream - Refresh patches: * python-urllib3-recent-date.patch * urllib3-ssl-default-context.patch ------------------------------------------------------------------- Fri Sep 7 14:45:38 CEST 2018 - mcepl@suse.com - Switch to multibuild to minize requirements for providing urllib3 module. ------------------------------------------------------------------- Tue Aug 21 11:39:09 UTC 2018 - dmueller@suse.com - fix dependency again for passing tests for python 2.x ------------------------------------------------------------------- Mon Aug 20 08:19:15 UTC 2018 - tchvatal@suse.com - Do not use ifpython2 for BRs where it does not work ------------------------------------------------------------------- Mon Aug 20 08:13:30 UTC 2018 - dmueller@suse.com - add python-ipaddress dependency for python 2.x ------------------------------------------------------------------- Wed Jul 18 09:19:49 UTC 2018 - tchvatal@suse.com - Drop not needed devel and nose deps ------------------------------------------------------------------- Sun Jul 15 22:30:26 UTC 2018 - mimi.vx@gmail.com - update to 1.23 (bsc#1119376, CVE-2018-20060) - add 1414.patch - fix tests with new tornado - refresh python-urllib3-recent-date.patch - drop urllib3-test-no-coverage.patch * Allow providing a list of headers to strip from requests when redirecting to a different host. Defaults to the Authorization header. Different headers can be set via Retry.remove_headers_on_redirect. * Fix util.selectors._fileobj_to_fd to accept long * Dropped Python 3.3 support. * Put the connection back in the pool when calling stream() or read_chunked() on a chunked HEAD response. * Fixed pyOpenSSL-specific ssl client authentication issue when clients attempted to auth via certificate + chain * Add the port to the connectionpool connect print * Don't use the uuid module to create multipart data boundaries. * read_chunked() on a closed response returns no chunks. * Add Python 2.6 support to contrib.securetransport * Added support for auth info in url for SOCKS proxy ------------------------------------------------------------------- Wed Mar 7 15:52:54 UTC 2018 - aplanas@suse.com - Allows Recommends and Suggest in Fedora ------------------------------------------------------------------- Tue Feb 27 18:42:40 UTC 2018 - aplanas@suse.com - Recommends only for SUSE ------------------------------------------------------------------- Mon Feb 12 12:14:42 UTC 2018 - normand@linux.vnet.ibm.com - disable more flaky tests specifically for PowerPC ------------------------------------------------------------------- Sun Dec 31 14:39:03 UTC 2017 - dimstar@opensuse.org - Add python-urllib3-recent-date.patch: Fix test suite, use correct date (gh#shazow/urllib3#1303, boo#1074247). ------------------------------------------------------------------- Thu Oct 19 11:48:58 UTC 2017 - jmatejek@suse.com - use python3 for detection, in anticipation of python2 removal ------------------------------------------------------------------- Fri Aug 11 14:55:33 UTC 2017 - toddrme2178@gmail.com - Disable tests that timeout ------------------------------------------------------------------- Tue Aug 8 06:57:44 UTC 2017 - tbechtold@suse.com - update to 1.22: * Fixed missing brackets in ``HTTP CONNECT`` when connecting to IPv6 address via IPv6 proxy. (Issue #1222) * Made the connection pool retry on ``SSLError``. The original ``SSLError`` is available on ``MaxRetryError.reason``. (Issue #1112) * Drain and release connection before recursing on retry/redirect. Fixes deadlocks with a blocking connectionpool. (Issue #1167) * Fixed compatibility for cookiejar. (Issue #1229) * pyopenssl: Use vendored version of ``six``. (Issue #1231) - use pytest for running the tests. That is what upstream is doing ------------------------------------------------------------------- Sat Jun 10 08:10:33 UTC 2017 - dmueller@suse.com - update to 1.21.1: * Fixed SecureTransport issue that would cause long delays in response body delivery. (Pull #1154) * Fixed regression in 1.21 that threw exceptions when users passed the ``socket_options`` flag to the ``PoolManager``. (Issue #1165) * Fixed regression in 1.21 that threw exceptions when users passed the ``assert_hostname`` or ``assert_fingerprint`` flag to the ``PoolManager``. * Improved performance of certain selector system calls on Python 3.5 and later. (Pull #1095) * Resolved issue where the PyOpenSSL backend would not wrap SysCallError exceptions appropriately when sending data. (Pull #1125) * Selectors now detects a monkey-patched select module after import for modules that patch the select module like eventlet, greenlet. (Pull #1128) * Reduced memory consumption when streaming zlib-compressed responses (as opposed to raw deflate streams). (Pull #1129) * Connection pools now use the entire request context when constructing the pool key. (Pull #1016) * ``PoolManager.connection_from_*`` methods now accept a new keyword argument, ``pool_kwargs``, which are merged with the existing ``connection_pool_kw``. * Add retry counter for ``status_forcelist``. (Issue #1147) * Added ``contrib`` module for using SecureTransport on macOS: ``urllib3.contrib.securetransport``. (Pull #1122) * urllib3 now only normalizes the case of ``http://`` and ``https://`` schemes: for schemes it does not recognise, it assumes they are case-sensitive and leaves them unchanged. ------------------------------------------------------------------- Wed May 17 12:37:11 CEST 2017 - lchiquitto@suse.de - Relax python-nose version requirement on SLE 12 (fate#321630) ------------------------------------------------------------------- Tue Mar 14 14:34:45 UTC 2017 - jmatejek@suse.com - merge python3 modifications - update for multipython build - update to 1.20: * Added support for waiting for I/O using selectors other than select, improving urllib3’s behaviour with large numbers of concurrent connections. (Pull #1001) * Updated the date for the system clock check. (Issue #1005) * ConnectionPools now correctly consider hostnames to be case-insensitive. (Issue #1032) * Outdated versions of PyOpenSSL now cause the PyOpenSSL contrib module to fail when it is injected, rather than at first use. (Pull #1063) * Outdated versions of cryptography now cause the PyOpenSSL contrib module to fail when it is injected, rather than at first use. (Issue #1044) * Automatically attempt to rewind a file-like body object when a request is retried or redirected. (Pull #1039) * Fix some bugs that occur when modules incautiously patch the queue module. (Pull #1061) * Prevent retries from occuring on read timeouts for which the request method was not in the method whitelist. (Issue #1059) * Changed the PyOpenSSL contrib module to lazily load idna to avoid unnecessarily bloating the memory of programs that don’t need it. (Pull #1076) * Add support for IPv6 literals with zone identifiers. (Pull #1013) * Added support for socks5h:// and socks4a:// schemes when working with SOCKS proxies, and controlled remote DNS appropriately. (Issue #1035) ------------------------------------------------------------------- Wed Dec 28 08:08:14 UTC 2016 - tbechtold@suse.com update to version 1.19.1 * Forgot to mention #955. * Starting o the user guide. * Add ipaddress marker to setup.cfg. * CHANGES for #897 * Version added 1.17 * Change debug level to 'debug' to match ConnectionPool * Moving some stuff to advanced usage. * Ignore only the unused import error * Uniform checks. * Add test for past date in Retry-After header * Adding all reference docs * Ok, I just gotta see what's going on here. * Adding app engine docs * Keep using the good OpenSSL * Adding timeout section * Removing absolute import in NTLMPool * Use the good OpenSSL. * Small pass at contributing * parse_url: Disallow non-integer digits explicitly in port numbers * Fixup some whitespace. * Updating copy on landing page. * Fix flake8 E305 errors * Use OS default certs when possible * Fleshing out user guide. * Fallback to the vendored ipaddress module. * Updating intersphinx to python 3.4 * Seems like version mismatch is the issue. * Improve the cipher suite comment * Retry backoff time is calculated only from the last consecutive errors sequence * Fix a typo in the user guide documentation * Update docs guide with new dependencies * Tests for #979 * Remove HIGH cipher suites as well. * Adding SSL verification section to user guide. * More CHANGES * Changes for #1017 * Changelog for #1009. * Vendor a backport of the ipaddress module. * CHANGES for 1.19 * Fixed typos * Revert "Fallback to the vendored ipaddress module." * Use "with" to close more files eagerly and also on error * Addressing review comments * First stab at the new index page * Removing unneeded scratch file. * Fixing some references * Moving some stuff around. * CR fixes * Remove 100% requirement from nosetests. * Try using codecov * Remove absolute import. * Split ciphers up to individual lines. * add warning when timeout without total is used on App Engine * We don't want a sad @haikuginger * RequestHistory is a namedtuple instance. * I wonder if we're missing this. * Switching to alabaster theme * Prefer user-supplied host headers. * Try shoving it in tox.ini * Add include=urllib3/* to prevent core module coverage through six.moves * Pointing flake8 specifically at the urllib3 package * CHANGES for #955 * Sorry PyPy. * Add support for ChaCha20. * Make Travis CI fail if docs have warnings or errors * Added CHANGES entry * Test with OpenSSL 1.1 on Mac. * Backport Python 3.5 match_hostname function. * Wrap lines to under 99 chars * Moving docs creation into tox * Gotta use the pyenv everywhere. * Explicitly check if a value in a multipart header is None instead of just a falsy value * Move to a more complex bit of idna handling. * Make codecov enforce 100% coverage. * Error if GAE_PYTHONPATH is not set when running make test-gae * Changes for #258. * adding length_remaining functionality to HTTPResponse * test TLSv1 instead of SSLv3 * fixing infinite loop when stream(None) called * Adding proxy section * Don't forget setup.cfg * Removing TODO * add changelog for #978 * Stop testing our parsing via TLS failure. * CHANGES for #928 * Add support for OS X. * While I'm shotgun debugging. * Merging new release version: 1.19.1 * Clean up some bugs. * Support date in Retry-After header * Defer to URLFetch's default timeout instead of hard coding 5s. * Update Travis PyPy testing to 5.4 * Remove 3DES support. * Seems like Python 2.6 doesn't like -m pip * Adding logging and exceptions. * changing conditional order to prefer isclosed over closed * Have the 'secure' flag install ipaddress. * Respect Retry-After header for redirection * Respect Retry-After header * Correct the import of urljoin for Python 3 * use dunder slots for Url class slots variable * Update README.rst to better reflect new documentation. * Allow PyPy 5.3 to fail * updating CHANGES and CONTRIBUTORS * Clarifying a few things. * Revert "Remove ipaddress marker." * Fix GAE_PYTHONPATH error in Makefile * Removing symlinks from dummyserver certs to fix test suite on Windows * adding in exception for booleans and zero values in timeouts * CHANGES for #930 * add domain and method aware logging to connectionpool (#897) * Add release note about #941 (#943) * Make HTTPResponse.stream() work with file-like body of non-HTTPResponse type (eg StringIO) * Use HTTPException, LifoQueue, Empty, and Full from six * CHANGES for #858 and #887 * Updating links to SSL warning help page. Fixes #918 * More alabaster customizations, starting on TOC * CHANGES for #835 * It's possible but unlikely that we need combine * We actually require cryptography-based PyOpenSSL now. * PySocks 1.5.7 causes problems with IPv6. * fixing socks and ssl docstrings. * Fix doc syntax in user-guide.rst * Urllib3 -> urllib3 * Removing uneeded files. * Dear tox: plz propagate env vars. Thanks. * Favour our own match_hostname over old versions. * Bow before our fruit overlords. * enforce_content_length for incrementally read responses * fixing incorrect message for IncompleteRead * Update setup.cfg * Changelog for #986. * Spelling fixes * Line breaks. * Adding docs/requirements.txt for readthedocs. * CHANGES for #989. * Normalize the scheme and host in the URL parser * Update changes for 1.17 * Changes for #979 * Changelog update for #947. * Update connectionpool.py * Make BodyNotHttplibCompatible inherit from HttpError, urllib3's base exception class, only * Update changes for 1.18 * Update PyOpenSSL to not use ndg-httpsclient or pyasn1 * Retry history changed from list to tuple * Add a cert with IP SAN and test for it. * parse_retry_after: Disallow non-integer digits, allow whitespace * Add failing test for #1009. * Remove markers from setup.py. * Use Travis supplied PyPy 5.3 * Support retry for 413, 429 and 503 status code * Remove ipaddress marker. * Revert "Vendor a backport of the ipaddress module." * Adding retry section * CVE-2016-9015: Correct set verify flags. * Update CHANGES.rst for #911 * Tests for case-insensitivity in the scheme and host * Add changelog for #967. * Try updating setuptools. * Updating flake8 locations * Forward-port 1.18.1 changelog. * Update [secure] extra. * Add more advanced usage docs * CHANGES for #990 * [contrib/pyopenssl] remove unused ssl_wrap_socket * Import more from six ------------------------------------------------------------------- Thu Sep 1 19:12:32 UTC 2016 - tbechtold@suse.com - update to 1.16: * Disable IPv6 DNS when IPv6 connections are not possible. (Issue #840) * Provide ``key_fn_by_scheme`` pool keying mechanism that can be overridden. (Issue #830) * Normalize scheme and host to lowercase for pool keys, and include ``source_address``. (Issue #830) * Cleaner exception chain in Python 3 for ``_make_request``. (Issue #861) * Fixed installing ``urllib3[socks]`` extra. (Issue #864) * Fixed signature of ``ConnectionPool.close`` so it can actually safely be called by subclasses. (Issue #873) * Retain ``release_conn`` state across retries. (Issues #651, #866) * Add customizable ``HTTPConnectionPool.ResponseCls``, which defaults to ``HTTPResponse`` but can be replaced with a subclass. (Issue #879) - Use pypi.io as Source url ------------------------------------------------------------------- Fri May 20 07:19:50 UTC 2016 - dmueller@suse.com - update to 1.15.1: * Fix packaging to include backports module. (Issue #841) * Added Retry(raise_on_status=False). (Issue #720) * Always use setuptools, no more distutils fallback. (Issue #785) * Dropped support for Python 3.2. (Issue #786) * Chunked transfer encoding when requesting with ``chunked=True``. * Fixed regression with IPv6 port parsing. (Issue #801) * Append SNIMissingWarning messages to allow users to specify it in the PYTHONWARNINGS environment variable. (Issue #816) * Handle unicode headers in Py2. (Issue #818) * Log certificate when there is a hostname mismatch. (Issue #820) * Preserve order of request/response headers. (Issue #821) ------------------------------------------------------------------- Wed Mar 2 15:54:26 UTC 2016 - jmatejek@suse.com - change Requires on pyopenssl, pyasn1 into Recommends, add ndg-httpsclient as well (these are dependencies of urrlib3's pyopenssl module, which can be used if native python's ssl capabilities are not good enough) ------------------------------------------------------------------- Thu Feb 11 13:55:13 UTC 2016 - aplanas@suse.com - Update 1.14 source tar.gz from the source * Rebase urllib3-test-no-coverage.patch ------------------------------------------------------------------- Tue Jan 5 14:40:22 UTC 2016 - hpj@urpla.net - Update to Version 1.14 (2015-12-29) * contrib: SOCKS proxy support! (Issue #762) * Fixed AppEngine handling of transfer-encoding header and bug in Timeout defaults checking. (Issue #763) - Update to Version 1.13.1 (2015-12-18) * Fixed regression in IPv6 + SSL for match_hostname. (Issue #761) - Update to Version 1.13 (2015-12-14) * Fixed pip install urllib3[secure] on modern pip. (Issue #706) * pyopenssl: Fixed SSL3_WRITE_PENDING error. (Issue #717) * pyopenssl: Support for TLSv1.1 and TLSv1.2. (Issue #696) * Close connections more defensively on exception. (Issue #734) * Adjusted read_chunked to handle gzipped, chunk-encoded bodies without repeatedly flushing the decoder, to function better on Jython. (Issue #743) * Accept ca_cert_dir for SSL-related PoolManager configuration. (Issue #758) - removed ready-event.patch: applied upstream - disabled more dysfunctional tests ------------------------------------------------------------------- Mon Nov 16 17:31:38 UTC 2015 - hpj@urpla.net - restored ability to build with openSUSE <= 13.2 ------------------------------------------------------------------- Wed Oct 27 16:33:44 UTC 2015 - jmatejek@suse.com - removed python-certifi dependency, we don't want to use it - drop 0001-Don-t-pin-dependency-to-exact-version.patch because it's not needed anymore - re-enable tests, re-add relevant dependencies * don't exclude test_util.py * exclude proxy timeout tests that fail for spurious reasons - urllib3-ssl-default-context.patch - use set_default_verify_paths() if no certificate path specified and verification not explicitly disabled - urllib3-test-ssl-drop-sslv3.patch - don't use "SSLv3" constants in python 2.7.9 and up - ready-event.patch - fix race conditions in timeout tests - drop %pre section because apparently "egg-info as file" is no longer true and this breaks builds ------------------------------------------------------------------- Wed Oct 14 09:35:30 UTC 2015 - toddrme2178@gmail.com - Delete the system egg-info during pre phase: older versions of the package installed it as a directory, the latest update creates a file, and rpm has known issues with replacing this. ------------------------------------------------------------------- Tue Oct 6 15:03:05 UTC 2015 - hpj@urpla.net - add python-pyOpenSSL, python-certifi and python-pyasn1 requirements ------------------------------------------------------------------- Tue Oct 6 12:46:25 UTC 2015 - hpj@urpla.net - Comment out test requirements, as tests are disabled anyway, and one of these packages depend on python-requests, which depends on this package resulting in a circular dependency for openSUSE <= 13.1 ------------------------------------------------------------------- Fri Sep 25 11:24:49 UTC 2015 - p.drouand@gmail.com - Update to version 1.12 * Rely on six for importing httplib to work around conflicts with other Python 3 shims. (Issue #688) * Add support for directories of certificate authorities, as supported by OpenSSL. (Issue #701) * New exception: NewConnectionError, raised when we fail to establish a new connection, usually ECONNREFUSED socket error. - Fix version dependencies - Add new build requirements following upstream changes * python-nose-exclude * python-tox * python-twine * python-wheel - Update 0001-Don-t-pin-dependency-to-exact-version.patch - Disable tests for now, as there require network ------------------------------------------------------------------- Thu Sep 11 12:38:13 UTC 2014 - toddrme2178@gmail.com - Remove upstreamed 0001-Don-t-install-dummyserver-into-site-packages.patch - Rebase 0001-Don-t-pin-dependency-to-exact-version.patch and urllib3-test-no-coverage.patch - Update to version 1.9 (2014-07-04) * Shuffled around development-related files. If you're maintaining a distro package of urllib3, you may need to tweak things. (Issue #415) * Unverified HTTPS requests will trigger a warning on the first request. See our new security documentation for details. (Issue #426) * New retry logic and urllib3.util.retry.Retry configuration object. (Issue #326) * All raised exceptions should now wrapped in a urllib3.exceptions.HTTPException-extending exception. (Issue #326) * All errors during a retry-enabled request should be wrapped in urllib3.exceptions.MaxRetryError, including timeout-related exceptions which were previously exempt. Underlying error is accessible from the .reason propery. (Issue #326) * urllib3.exceptions.ConnectionError renamed to urllib3.exceptions.ProtocolError. (Issue #326) * Errors during response read (such as IncompleteRead) are now wrapped in urllib3.exceptions.ProtocolError. (Issue #418) * Requesting an empty host will raise urllib3.exceptions.LocationValueError. (Issue #417) * Catch read timeouts over SSL connections as urllib3.exceptions.ReadTimeoutError. (Issue #419) * Apply socket arguments before connecting. (Issue #427) - Update to version 1.8.3 (2014-06-23) * Fix TLS verification when using a proxy in Python 3.4.1. (Issue #385) * Add disable_cache option to urllib3.util.make_headers. (Issue #393) * Wrap socket.timeout exception with urllib3.exceptions.ReadTimeoutError. (Issue #399) * Fixed proxy-related bug where connections were being reused incorrectly. (Issues #366, #369) * Added socket_options keyword parameter which allows to define setsockopt configuration of new sockets. (Issue #397) * Removed HTTPConnection.tcp_nodelay in favor of HTTPConnection.default_socket_options. (Issue #397) * Fixed TypeError bug in Python 2.6.4. (Issue #411) - Update to version 1.8.2 (2014-04-17) * Fix urllib3.util not being included in the package. - Update to version 1.8.1 (2014-04-17) * Fix AppEngine bug of HTTPS requests going out as HTTP. (Issue #356) * Don't install dummyserver into site-packages as it's only needed for the test suite. (Issue #362) * Added support for specifying source_address. (Issue #352) ------------------------------------------------------------------- Thu Mar 20 15:18:55 UTC 2014 - speilicke@suse.com - Update to version 1.8: * Improved url parsing in urllib3.util.parse_url (properly parse '@' in username, and blank ports like 'hostname:'). * New urllib3.connection module which contains all the HTTPConnection objects. * Several urllib3.util.Timeout-related fixes. Also changed constructor signature to a more sensible order. [Backwards incompatible] (Issues #252, #262, #263) * Use backports.ssl_match_hostname if it's installed. (Issue #274) * Added .tell() method to urllib3.response.HTTPResponse which returns the number of bytes read so far. (Issue #277) * Support for platforms without threading. (Issue #289) * Expand default-port comparison in HTTPConnectionPool.is_same_host to allow a pool with no specified port to be considered equal to to an HTTP/HTTPS url with port 80/443 explicitly provided. (Issue #305) * Improved default SSL/TLS settings to avoid vulnerabilities. (Issue #309) * Fixed urllib3.poolmanager.ProxyManager not retrying on connect errors. (Issue #310) * Disable Nagle's Algorithm on the socket for non-proxies. A subset of requests will send the entire HTTP request ~200 milliseconds faster; however, some of the resulting TCP packets will be smaller. (Issue #254) * Increased maximum number of SubjectAltNames in urllib3.contrib.pyopenssl from the default 64 to 1024 in a single certificate. (Issue #318) * Headers are now passed and stored as a custom urllib3.collections_.HTTPHeaderDict object rather than a plain dict. (Issue #329, #333) * Headers no longer lose their case on Python 3. (Issue #236) * urllib3.contrib.pyopenssl now uses the operating system's default CA certificates on inject. (Issue #332) * Requests with retries=False will immediately raise any exceptions without wrapping them in MaxRetryError. (Issue #348) * Fixed open socket leak with SSL-related failures. (Issue #344, #348) - Run testsuite (without coverage) + urllib3-test-no-coverage.patch - Fix superfluous dependencies and allow later version + 0001-Don-t-pin-dependency-to-exact-version.patch - Drop dummyserver module, this really is documentation + 0001-Don-t-install-dummyserver-into-site-packages.patch ------------------------------------------------------------------- Fri Nov 15 21:32:46 UTC 2013 - p.drouand@gmail.com - Update to version 1.7.1 + Added granular timeout support with new urllib3.util.Timeout class. (Issue #231) + Fixed Python 3.4 support. (Issue #238) - Changes from 1.7 + More exceptions are now pickle-able, with tests. (Issue #174) + Fixed redirecting with relative URLs in Location header. (Issue #178) + Support for relative urls in Location: ... header. (Issue #179) + urllib3.response.HTTPResponse now inherits from io.IOBase for bonus file-like functionality. (Issue #187) + Passing assert_hostname=False when creating a HTTPSConnectionPool will skip hostname verification for SSL connections. (Issue #194) + New method urllib3.response.HTTPResponse.stream(...) which acts as a generator wrapped around .read(...). (Issue #198) + IPv6 url parsing enforces brackets around the hostname. (Issue #199) + Fixed thread race condition in urllib3.poolmanager.PoolManager.connection_from_host(...) (Issue #204) + ProxyManager requests now include non-default port in Host: ... header. (Issue #217) + Added HTTPS proxy support in ProxyManager. (Issue #170 #139) + New RequestField object can be passed to the fields=... param which can specify headers. (Issue #220) + Raise urllib3.exceptions.ProxyError when connecting to proxy fails. (Issue #221) + Use international headers when posting file names. (Issue #119) + Improved IPv6 support. (Issue #203) - Add documentation from tarball ------------------------------------------------------------------- Sun Jul 14 04:51:43 UTC 2013 - alexandre@exatati.com.br - Initial package (1.6) for openSUSE.