- Update to 1.25.5:

* Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which caused certificate verification to be enabled when using cert_reqs=CERT_NONE. (Issue #1682)
  * Propagate Retry-After header settings to subsequent retries. (Pull #1607)
  * Fix edge case where Retry-After header was still respected even when explicitly opted out of. (Pull #1607)
  * Remove dependency on rfc3986 for URL parsing.
  * Fix issue where URLs containing invalid characters within Url.auth would raise an exception instead of percent-encoding those characters.
  * Add support for HTTPResponse.auto_close = False which makes HTTP responses work well with BufferedReaders and other io module features. (Pull #1652)
  * Percent-encode invalid characters in URL for HTTPConnectionPool.request() (Pull #1673)
- Drop patch urllib3-ssl-default-context.patch
- Drop patch python-urllib3-recent-date.patch the date is recent
  enough on its own

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-urllib3?expand=0&rev=84

python-urllib3-recent-date.patch

@@ -1,26 +0,0 @@
-From fc27a8ed4203084c97fd1260d2566255c35ca945 Mon Sep 17 00:00:00 2001
-From: Dominique Leuenberger <dimstar@opensuse.org>
-Date: Sun, 31 Dec 2017 15:11:16 +0100
-Subject: [PATCH] Move RECENT_DATE to 2017-06-30
-
-The test suite expects the current date to be no more than two years in the future
-of RECENT_DATE, which just serves as a reference point.
-
-Also clarify the comment about how to update RECENT_DATE
-
-Fixes #1303
----
- src/urllib3/connection.py | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
---- a/src/urllib3/connection.py
-+++ b/src/urllib3/connection.py
-@@ -59,7 +59,7 @@ port_by_scheme = {
- # and not less than 6 months ago.
- # Example: if Today is 2018-01-01, then RECENT_DATE should be any date on or
- # after 2016-01-01 (today - 2 years) AND before 2017-07-01 (today - 6 months)
--RECENT_DATE = datetime.date(2017, 6, 30)
-+RECENT_DATE = datetime.date(2018, 1, 30)
- 
- 
- class DummyConnection(object):

python-urllib3.changes

@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Sep 20 12:14:13 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
+
+- Update to 1.25.5:
+  * Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which caused certificate verification to be enabled when using cert_reqs=CERT_NONE. (Issue #1682)
+  * Propagate Retry-After header settings to subsequent retries. (Pull #1607)
+  * Fix edge case where Retry-After header was still respected even when explicitly opted out of. (Pull #1607)
+  * Remove dependency on rfc3986 for URL parsing.
+  * Fix issue where URLs containing invalid characters within Url.auth would raise an exception instead of percent-encoding those characters.
+  * Add support for HTTPResponse.auto_close = False which makes HTTP responses work well with BufferedReaders and other io module features. (Pull #1652)
+  * Percent-encode invalid characters in URL for HTTPConnectionPool.request() (Pull #1673)
+- Drop patch urllib3-ssl-default-context.patch
+- Drop patch python-urllib3-recent-date.patch the date is recent
+  enough on its own
+
 -------------------------------------------------------------------
 Sat Sep 14 02:58:42 UTC 2019 - John Vandenberg <jayvdb@gmail.com>
 

python-urllib3.spec

@@ -28,7 +28,7 @@
 %endif
 %bcond_without python2
 Name:           python-urllib3%{psuffix}
-Version:        1.25.3
+Version:        1.25.5
 Release:        0
 Summary:        HTTP library with thread-safe connection pooling, file post, and more
 License:        MIT
@@ -37,24 +37,16 @@ URL:            https://urllib3.readthedocs.org/
 Source:         https://files.pythonhosted.org/packages/source/u/urllib3/urllib3-%{version}.tar.gz
 # Wrapper for ssl to unbundle ssl_match_hostname
 Source1:        ssl_match_hostname_py3.py
-# PATCH-FEATURE-UPSTREAM -- use set_default_verify_paths() if no certificate path is supplied
-# should be removed in the future, see SR#437853
-Patch0:         urllib3-ssl-default-context.patch
-# PATCH-FIX-UPSTREAM python-urllib3-recent-date.patch gh#shazow/urllib3#1303, boo#1074247 dimstar@opensuse.org -- Fix test suite, use correct date
-Patch1:         python-urllib3-recent-date.patch
-BuildRequires:  %{python_module PySocks}
-BuildRequires:  %{python_module psutil}
-BuildRequires:  %{python_module rfc3986}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  %{python_module six}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
 #!BuildIgnore:  python-requests
 Requires:       ca-certificates-mozilla
-Requires:       python-cryptography
-Requires:       python-idna
+Requires:       python-certifi
+Requires:       python-cryptography >= 1.3.4
+Requires:       python-idna >= 2.0.0
 Requires:       python-pyOpenSSL
-Requires:       python-rfc3986
 Requires:       python-six
 BuildArch:      noarch
 # for SSL module on older distros
@@ -69,15 +61,21 @@ BuildRequires:  python-ipaddress
 Requires:       python-backports.ssl_match_hostname
 %endif
 %if %{with test}
-BuildRequires:  %{python_module brotlipy}
-BuildRequires:  %{python_module idna}
+BuildRequires:  %{python_module PySocks}
+BuildRequires:  %{python_module brotlipy >= 0.6.0}
+BuildRequires:  %{python_module certifi}
+BuildRequires:  %{python_module cryptography >= 1.3.4}
+BuildRequires:  %{python_module idna >= 2.0.0}
 BuildRequires:  %{python_module mock >= 1.3.0}
-BuildRequires:  %{python_module pytest < 4.0}
+BuildRequires:  %{python_module psutil}
+BuildRequires:  %{python_module pytest}
+BuildRequires:  %{python_module six}
 BuildRequires:  %{python_module tornado >= 4.2.1}
 BuildRequires:  %{python_module urllib3 >= %{version}}
 %endif
 %if 0%{?suse_version} >= 1000 || 0%{?fedora_version} >= 24
-Recommends:     python-brotlipy
+Recommends:     python-PySocks >= 1.5.6
+Recommends:     python-brotlipy >= 0.6.0
 %endif
 %ifpython2
 Requires:       python-ipaddress
@@ -104,7 +102,6 @@ Highlights
 
 %prep
 %setup -q -n urllib3-%{version}
-%autopatch -p1
 find . -type f -exec chmod a-x '{}' \;
 find . -name __pycache__ -type d -exec rm -fr {} +
 
@@ -130,7 +127,6 @@ $python -O -m compileall -d %{$python_sitelib} %{buildroot}%{$python_sitelib}/ur
 # Unbundle the Python 2 build
 rm -rf %{buildroot}/%{python2_sitelib}/urllib3/packages/six.py*
 rm -rf %{buildroot}/%{python2_sitelib}/urllib3/packages/ssl_match_hostname/
-rm -rf %{buildroot}/%{python2_sitelib}/urllib3/packages/rfc3986/
 
 mkdir -p %{buildroot}/%{python2_sitelib}/urllib3/packages/
 ln -s %{python2_sitelib}/six.py %{buildroot}/%{python2_sitelib}/urllib3/packages/six.py
@@ -138,8 +134,6 @@ ln -s %{python2_sitelib}/six.pyc %{buildroot}/%{python2_sitelib}/urllib3/package
 ln -s %{python2_sitelib}/six.pyo %{buildroot}/%{python2_sitelib}/urllib3/packages/six.pyo
 ln -s %{python2_sitelib}/backports/ssl_match_hostname \
       %{buildroot}/%{python2_sitelib}/urllib3/packages/ssl_match_hostname
-ln -s %{python2_sitelib}/rfc3986/ \
-      %{buildroot}/%{python2_sitelib}/urllib3/packages/rfc3986
 %endif
 
 %if 0%{?have_python3} && ! 0%{?skip_python3}
@@ -147,7 +141,6 @@ ln -s %{python2_sitelib}/rfc3986/ \
 rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/six.py*
 rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/six*
 rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/ssl_match_hostname/
-rm -rf %{buildroot}/%{python3_sitelib}/urllib3/packages/rfc3986/
 
 mkdir -p %{buildroot}/%{python3_sitelib}/urllib3/packages/
 cp -a %{SOURCE1} %{buildroot}/%{python3_sitelib}/urllib3/packages/ssl_match_hostname.py
@@ -156,8 +149,6 @@ ln -s %{python3_sitelib}/__pycache__/six.cpython-%{python3_version_nodots}.opt-1
       %{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/
 ln -s %{python3_sitelib}/__pycache__/six.cpython-%{python3_version_nodots}.pyc \
       %{buildroot}/%{python3_sitelib}/urllib3/packages/__pycache__/
-ln -s %{python3_sitelib}/rfc3986/ \
-      %{buildroot}/%{python3_sitelib}/urllib3/packages/rfc3986
 %endif
 
 %python_expand %fdupes %{buildroot}%{$python_sitelib}
@@ -182,17 +173,12 @@ case $(uname -m) in
 ppc*)
 skiplist="$skiplist and not test_select_timing and not test_select_multiple_interrupts_with_event and not test_interrupt_wait_for_read_with_event and not test_select_interrupt_with_event";;
 esac
-# the tls13 tests are not run in upstream travis and they fail for us
-# lets wait for upstream to sort it out first
-skiplist="$skiplist and not test_set_ssl_version_to_tls_version"
 # the certificate validation is much stricter in new openssl so skip
 # tests which would not validate it
 skiplist="$skiplist and not test_client_no_intermediate"
-# we have patch to fix source address errors in python and raise different
-# error than urllib3 expects in its tests
-skiplist="$skiplist and not test_source_address_error"
 
 export PYTHONDONTWRITEBYTECODE=1
+export LANG="en_US.UTF8"
 %pytest -k "${skiplist}"
 %endif
 

urllib3-1.25.3.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:dbe59173209418ae49d485b87d1681aefa36252ee85884c31346debd19463232
-size 262150

urllib3-1.25.5.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2f3eadfea5d92bc7899e75b5968410b749a054b492d5a6379c1344a1481bc2cb
+size 248169

urllib3-ssl-default-context.patch

@@ -1,13 +0,0 @@
-Index: urllib3-1.25/src/urllib3/util/ssl_.py
-===================================================================
---- urllib3-1.25.orig/src/urllib3/util/ssl_.py
-+++ urllib3-1.25/src/urllib3/util/ssl_.py
-@@ -333,6 +333,8 @@ def ssl_wrap_socket(sock, keyfile=None,
-     elif ssl_context is None and hasattr(context, 'load_default_certs'):
-         # try to load OS default certs; works well on Windows (require Python3.4+)
-         context.load_default_certs()
-+    elif cert_reqs != ssl.CERT_NONE and hasattr(context, 'set_default_verify_paths'):
-+        context.set_default_verify_paths()
- 
-     # Attempt to detect if we get the goofy behavior of the
-     # keyfile being encrypted and OpenSSL asking for the