- Do not ignore deprecation warnings, the testsuite explicitly
clears all warnings multiple times.
- Add patch filter-pyopenssl-deprecationwarning.patch:
* Explicitly filter out new DeprecationWarnings raised by PyOpenSSL 25.1+
old: openSUSE:Factory/python-urllib3_1
new: devel:languages:python/python-urllib3_1 rev None
Index: python-urllib3_1.changes
===================================================================
--- python-urllib3_1.changes (revision 11)
+++ python-urllib3_1.changes (revision 30)
@@ -1,4 +1,17 @@
-------------------------------------------------------------------
+Tue Aug 5 05:58:09 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Do not ignore deprecation warnings, the testsuite explicitly
+ clears all warnings multiple times.
+- Add patch filter-pyopenssl-deprecationwarning.patch:
+ * Explicitly filter out new DeprecationWarnings raised by PyOpenSSL 25.1+
+
+-------------------------------------------------------------------
+Thu Jul 17 20:28:07 UTC 2025 - Dirk Müller <dmueller@suse.com>
+
+- ignore deprecation warnings
+
+-------------------------------------------------------------------
Wed Jun 25 05:18:37 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
- Add patch CVE-2025-50181-poolmanager-redirects.patch:
@@ -71,7 +84,7 @@
-------------------------------------------------------------------
Mon May 15 13:52:10 UTC 2023 - Dirk Müller <dmueller@suse.com>
-- rename to python-urllib3_1
+- rename to python-urllib3_1
-------------------------------------------------------------------
Fri Apr 21 12:38:19 UTC 2023 - Dirk Müller <dmueller@suse.com>
@@ -198,7 +211,7 @@
- update to 1.26.6
* Deprecated the urllib3.contrib.ntlmpool module.
- * Changed HTTPConnection.request_chunked() to not erroneously emit multiple
+ * Changed HTTPConnection.request_chunked() to not erroneously emit multiple
Transfer-Encoding headers in the case that one is already specified.
* Fixed typo in deprecation message to recommend Retry.DEFAULT_ALLOWED_METHODS.
@@ -280,7 +293,7 @@
``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)``
(Pull #2000) **Starting in urllib3 v2.0: Deprecated options will be removed**
* Added default ``User-Agent`` header to every request (Pull #1750)
- * Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``,
+ * Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``,
and ``Host`` headers from being automatically emitted with requests (Pull #2018)
* Collapse ``transfer-encoding: chunked`` request data and framing into
the same ``socket.send()`` call (Pull #1906)
@@ -573,7 +586,7 @@
- add 1414.patch - fix tests with new tornado
- refresh python-urllib3-recent-date.patch
- drop urllib3-test-no-coverage.patch
- * Allow providing a list of headers to strip from requests when redirecting
+ * Allow providing a list of headers to strip from requests when redirecting
to a different host. Defaults to the Authorization header. Different
headers can be set via Retry.remove_headers_on_redirect.
* Fix util.selectors._fileobj_to_fd to accept long
@@ -921,9 +934,9 @@
* pyopenssl: Support for TLSv1.1 and TLSv1.2. (Issue #696)
* Close connections more defensively on exception. (Issue #734)
* Adjusted read_chunked to handle gzipped, chunk-encoded bodies
- without repeatedly flushing the decoder, to function better on
+ without repeatedly flushing the decoder, to function better on
Jython. (Issue #743)
- * Accept ca_cert_dir for SSL-related PoolManager configuration.
+ * Accept ca_cert_dir for SSL-related PoolManager configuration.
(Issue #758)
- removed ready-event.patch: applied upstream
@@ -963,12 +976,12 @@
-------------------------------------------------------------------
Tue Oct 6 15:03:05 UTC 2015 - hpj@urpla.net
-- add python-pyOpenSSL, python-certifi and python-pyasn1 requirements
+- add python-pyOpenSSL, python-certifi and python-pyasn1 requirements
-------------------------------------------------------------------
Tue Oct 6 12:46:25 UTC 2015 - hpj@urpla.net
-- Comment out test requirements, as tests are disabled anyway, and
+- Comment out test requirements, as tests are disabled anyway, and
one of these packages depend on python-requests, which depends on
this package resulting in a circular dependency for openSUSE <= 13.1
@@ -978,9 +991,9 @@
- Update to version 1.12
* Rely on six for importing httplib to work around conflicts with
other Python 3 shims. (Issue #688)
- * Add support for directories of certificate authorities, as
+ * Add support for directories of certificate authorities, as
supported by OpenSSL. (Issue #701)
- * New exception: NewConnectionError, raised when we fail to
+ * New exception: NewConnectionError, raised when we fail to
establish a new connection, usually ECONNREFUSED socket error.
- Fix version dependencies
- Add new build requirements following upstream changes
@@ -988,7 +1001,7 @@
* python-tox
* python-twine
* python-wheel
-- Update 0001-Don-t-pin-dependency-to-exact-version.patch
+- Update 0001-Don-t-pin-dependency-to-exact-version.patch
- Disable tests for now, as there require network
-------------------------------------------------------------------
@@ -998,42 +1011,42 @@
- Rebase 0001-Don-t-pin-dependency-to-exact-version.patch and
urllib3-test-no-coverage.patch
- Update to version 1.9 (2014-07-04)
- * Shuffled around development-related files.
- If you're maintaining a distro package of urllib3, you may need
+ * Shuffled around development-related files.
+ If you're maintaining a distro package of urllib3, you may need
to tweak things. (Issue #415)
- * Unverified HTTPS requests will trigger a warning on the first
+ * Unverified HTTPS requests will trigger a warning on the first
request. See our new security documentation for details.
(Issue #426)
- * New retry logic and urllib3.util.retry.Retry configuration
+ * New retry logic and urllib3.util.retry.Retry configuration
object. (Issue #326)
- * All raised exceptions should now wrapped in a
- urllib3.exceptions.HTTPException-extending exception.
+ * All raised exceptions should now wrapped in a
+ urllib3.exceptions.HTTPException-extending exception.
(Issue #326)
* All errors during a retry-enabled request should be wrapped in
- urllib3.exceptions.MaxRetryError, including timeout-related
- exceptions which were previously exempt. Underlying error is
+ urllib3.exceptions.MaxRetryError, including timeout-related
+ exceptions which were previously exempt. Underlying error is
accessible from the .reason propery. (Issue #326)
- * urllib3.exceptions.ConnectionError renamed to
+ * urllib3.exceptions.ConnectionError renamed to
urllib3.exceptions.ProtocolError. (Issue #326)
* Errors during response read (such as IncompleteRead) are now
wrapped in urllib3.exceptions.ProtocolError. (Issue #418)
- * Requesting an empty host will raise
+ * Requesting an empty host will raise
urllib3.exceptions.LocationValueError. (Issue #417)
- * Catch read timeouts over SSL connections as
+ * Catch read timeouts over SSL connections as
urllib3.exceptions.ReadTimeoutError. (Issue #419)
* Apply socket arguments before connecting. (Issue #427)
- Update to version 1.8.3 (2014-06-23)
- * Fix TLS verification when using a proxy in Python 3.4.1.
+ * Fix TLS verification when using a proxy in Python 3.4.1.
(Issue #385)
- * Add disable_cache option to urllib3.util.make_headers.
+ * Add disable_cache option to urllib3.util.make_headers.
(Issue #393)
- * Wrap socket.timeout exception with
+ * Wrap socket.timeout exception with
urllib3.exceptions.ReadTimeoutError. (Issue #399)
- * Fixed proxy-related bug where connections were being reused
+ * Fixed proxy-related bug where connections were being reused
incorrectly. (Issues #366, #369)
- * Added socket_options keyword parameter which allows to define
+ * Added socket_options keyword parameter which allows to define
setsockopt configuration of new sockets. (Issue #397)
- * Removed HTTPConnection.tcp_nodelay in favor of
+ * Removed HTTPConnection.tcp_nodelay in favor of
HTTPConnection.default_socket_options. (Issue #397)
* Fixed TypeError bug in Python 2.6.4. (Issue #411)
- Update to version 1.8.2 (2014-04-17)
@@ -1041,7 +1054,7 @@
- Update to version 1.8.1 (2014-04-17)
* Fix AppEngine bug of HTTPS requests going out as HTTP.
(Issue #356)
- * Don't install dummyserver into site-packages as it's only
+ * Don't install dummyserver into site-packages as it's only
needed for the test suite. (Issue #362)
* Added support for specifying source_address. (Issue #352)
Index: python-urllib3_1.spec
===================================================================
--- python-urllib3_1.spec (revision 11)
+++ python-urllib3_1.spec (revision 30)
@@ -1,7 +1,7 @@
#
# spec file for package python-urllib3_1
#
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -37,6 +37,8 @@
Patch0: remove_mock.patch
# PATCH-FIX-UPSTREAM CVE-2025-50181 gh#urllib3/urllib3@f05b1329126d, bsc#1244925
Patch1: CVE-2025-50181-poolmanager-redirects.patch
+# PATCH-FIX-OPENSUSE Explicitly ignore new DeprecationWarning from PyOpenSSL 25.1+
+Patch2: filter-pyopenssl-deprecationwarning.patch
BuildRequires: %{python_module base >= 3.7}
BuildRequires: %{python_module pip}
BuildRequires: %{python_module setuptools}
Index: filter-pyopenssl-deprecationwarning.patch
===================================================================
--- filter-pyopenssl-deprecationwarning.patch (added)
+++ filter-pyopenssl-deprecationwarning.patch (revision 30)
@@ -0,0 +1,133 @@
+Index: urllib3-1.26.20/test/with_dummyserver/test_https.py
+===================================================================
+--- urllib3-1.26.20.orig/test/with_dummyserver/test_https.py
++++ urllib3-1.26.20/test/with_dummyserver/test_https.py
+@@ -215,6 +215,10 @@ class TestHTTPS(HTTPSDummyServerTestCase
+ assert conn.__class__ == VerifiedHTTPSConnection
+
+ with warnings.catch_warnings(record=True) as w:
++ # Filter PyOpenSSL 25.1+ DeprecationWarning
++ warnings.filterwarnings(
++ "ignore", message="Attempting to mutate a Context after", category=DeprecationWarning
++ )
+ r = https_pool.request("GET", "/")
+ assert r.status == 200
+
+@@ -245,6 +249,13 @@ class TestHTTPS(HTTPSDummyServerTestCase
+ r = https_pool.request("GET", "/")
+ assert r.status == 200
+
++ # Filter PyOpenSSL 25.1+ DeprecationWarning
++ calls = warn.call_args_list
++ calls = [
++ call for call in calls if call[0][1] != DeprecationWarning and
++ not call[0][0].startswith("Attempting to mutate a Context")
++ ]
++
+ # Modern versions of Python, or systems using PyOpenSSL, don't
+ # emit warnings.
+ if (
+@@ -252,7 +263,7 @@ class TestHTTPS(HTTPSDummyServerTestCase
+ or util.IS_PYOPENSSL
+ or util.IS_SECURETRANSPORT
+ ):
+- assert not warn.called, warn.call_args_list
++ assert not calls
+ else:
+ assert warn.called
+ if util.HAS_SNI:
+@@ -274,6 +285,13 @@ class TestHTTPS(HTTPSDummyServerTestCase
+ r = https_pool.request("GET", "/")
+ assert r.status == 200
+
++ # Filter PyOpenSSL 25.1+ DeprecationWarning
++ calls = warn.call_args_list
++ calls = [
++ call for call in calls if call[0][1] != DeprecationWarning and
++ not call[0][0].startswith("Attempting to mutate a Context")
++ ]
++
+ # Modern versions of Python, or systems using PyOpenSSL, don't
+ # emit warnings.
+ if (
+@@ -281,7 +299,7 @@ class TestHTTPS(HTTPSDummyServerTestCase
+ or util.IS_PYOPENSSL
+ or util.IS_SECURETRANSPORT
+ ):
+- assert not warn.called, warn.call_args_list
++ assert not calls
+ else:
+ assert warn.called
+ if util.HAS_SNI:
+@@ -306,6 +324,10 @@ class TestHTTPS(HTTPSDummyServerTestCase
+ assert conn.__class__ == VerifiedHTTPSConnection
+
+ with warnings.catch_warnings(record=True) as w:
++ # Filter PyOpenSSL 25.1+ DeprecationWarning
++ warnings.filterwarnings(
++ "ignore", message="Attempting to mutate a Context after", category=DeprecationWarning
++ )
+ r = https_pool.request("GET", "/")
+ assert r.status == 200
+
+@@ -412,6 +434,12 @@ class TestHTTPS(HTTPSDummyServerTestCase
+ # warnings, which we want to ignore here.
+ calls = warn.call_args_list
+
++ # Filter PyOpenSSL 25.1+ DeprecationWarning
++ calls = [
++ call for call in calls if call[0][1] != DeprecationWarning and
++ not call[0][0].startswith("Attempting to mutate a Context")
++ ]
++
+ # If we're using a deprecated TLS version we can remove 'DeprecationWarning'
+ if self.tls_protocol_deprecated():
+ calls = [call for call in calls if call[0][1] != DeprecationWarning]
+@@ -687,6 +715,11 @@ class TestHTTPS(HTTPSDummyServerTestCase
+ def _request_without_resource_warnings(self, method, url):
+ with warnings.catch_warnings(record=True) as w:
+ warnings.simplefilter("always")
++ # Filter PyOpenSSL 25.1+ DeprecationWarning
++ warnings.filterwarnings(
++ "ignore", message="Attempting to mutate a Context after",
++ category=DeprecationWarning
++ )
+ with HTTPSConnectionPool(
+ self.host, self.port, ca_certs=DEFAULT_CA
+ ) as https_pool:
+@@ -742,6 +775,11 @@ class TestHTTPS(HTTPSDummyServerTestCase
+ conn = https_pool._get_conn()
+ try:
+ with warnings.catch_warnings(record=True) as w:
++ # Filter PyOpenSSL 25.1+ DeprecationWarning
++ warnings.filterwarnings(
++ "ignore", message="Attempting to mutate a Context after",
++ category=DeprecationWarning
++ )
+ conn.connect()
+ if not hasattr(conn.sock, "version"):
+ pytest.skip("SSLSocket.version() not available")
+@@ -769,6 +807,11 @@ class TestHTTPS(HTTPSDummyServerTestCase
+ conn = https_pool._get_conn()
+ try:
+ with warnings.catch_warnings(record=True) as w:
++ # Filter PyOpenSSL 25.1+ DeprecationWarning
++ warnings.filterwarnings(
++ "ignore", message="Attempting to mutate a Context after",
++ category=DeprecationWarning
++ )
+ conn.connect()
+ finally:
+ conn.close()
+@@ -788,6 +831,11 @@ class TestHTTPS(HTTPSDummyServerTestCase
+ conn = https_pool._get_conn()
+ try:
+ with warnings.catch_warnings(record=True) as w:
++ # Filter PyOpenSSL 25.1+ DeprecationWarning
++ warnings.filterwarnings(
++ "ignore", message="Attempting to mutate a Context after",
++ category=DeprecationWarning
++ )
+ conn.connect()
+ finally:
+ conn.close()
OBS-URL: https://build.opensuse.org/request/show/1297619
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3_1?expand=0&rev=12
- rename to python-urllib3_1
* Changed HTTPConnection.request_chunked() to not erroneously emit multiple
* Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``,
* Allow providing a list of headers to strip from requests when redirecting
without repeatedly flushing the decoder, to function better on
* Accept ca_cert_dir for SSL-related PoolManager configuration.
- add python-pyOpenSSL, python-certifi and python-pyasn1 requirements
- Comment out test requirements, as tests are disabled anyway, and
* Add support for directories of certificate authorities, as
* New exception: NewConnectionError, raised when we fail to
- Update 0001-Don-t-pin-dependency-to-exact-version.patch
* Shuffled around development-related files.
If you're maintaining a distro package of urllib3, you may need
* Unverified HTTPS requests will trigger a warning on the first
* New retry logic and urllib3.util.retry.Retry configuration
* All raised exceptions should now wrapped in a
urllib3.exceptions.HTTPException-extending exception.
urllib3.exceptions.MaxRetryError, including timeout-related
exceptions which were previously exempt. Underlying error is
* urllib3.exceptions.ConnectionError renamed to
* Requesting an empty host will raise
* Catch read timeouts over SSL connections as
* Fix TLS verification when using a proxy in Python 3.4.1.
* Add disable_cache option to urllib3.util.make_headers.
* Wrap socket.timeout exception with
* Fixed proxy-related bug where connections were being reused
* Added socket_options keyword parameter which allows to define
* Removed HTTPConnection.tcp_nodelay in favor of
* Don't install dummyserver into site-packages as it's only
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-urllib3_1?expand=0&rev=29
- Update to 1.26.20:
* Fixed a crash where certain standard library hash functions were absent
in FIPS-compliant environments.
* Replaced deprecated dash-separated setuptools entries in setup.cfg.
* Backported changes to our tests and CI configuration from v2.x to
support testing with CPython 3.12 and 3.13.
* Added the Proxy-Authorization header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via Retry.remove_headers_on_redirect.
- Drop patch openssl-3.2.patch:
* No longer required.
OBS-URL: https://build.opensuse.org/request/show/1199801
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3_1?expand=0&rev=9
* Fixed a crash where certain standard library hash functions were absent
in FIPS-compliant environments.
* Replaced deprecated dash-separated setuptools entries in setup.cfg.
* Backported changes to our tests and CI configuration from v2.x to
support testing with CPython 3.12 and 3.13.
* Added the Proxy-Authorization header to the list of headers to strip
from requests when redirecting to a different host. As before, different
headers can be set via Retry.remove_headers_on_redirect.
- Drop patch openssl-3.2.patch:
* No longer required.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-urllib3_1?expand=0&rev=23
