pool/python-urllib3_1
SHA256
17
0
Fork 2
Code Issues Pull Requests Activity

Compare commits

base: pool:factory
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2
..
compare: pool:slfo-main
Branches Tags
pool:slfo-main pool:factory pool:slfo-1.2

1 Commits
factory ... slfo-main

Author SHA256 Message Date
nkrapp
c85ae2e45d Add security patches: 
* CVE-2025-66471.patch (bsc#1254867)
* CVE-2025-66418.patch (bsc#1254866)
* CVE-2026-21441.patch (bsc#1256331)
 2026-01-27 13:26:00 +01:00
6 changed files with 107 additions and 429 deletions
Expand all files Collapse all files

230
CVE-2025-50181-poolmanager-redirects.patch
View File

@@ -1,230 +0,0 @@
From f05b1329126d5be6de501f9d1e3e36738bc08857 Mon Sep 17 00:00:00 2001
From: Illia Volochii <illia.volochii@gmail.com>
Date: Wed, 18 Jun 2025 16:25:01 +0300
Subject: [PATCH] Merge commit from fork
* Apply Quentin's suggestion
Co-authored-by: Quentin Pradet <quentin.pradet@gmail.com>
* Add tests for disabled redirects in the pool manager
* Add a possible fix for the issue with not raised `MaxRetryError`
* Make urllib3 handle redirects instead of JS when JSPI is used
* Fix info in the new comment
* State that redirects with XHR are not controlled by urllib3
* Remove excessive params from new test requests
* Add tests reaching max non-0 redirects
* Test redirects with Emscripten
* Fix `test_merge_pool_kwargs`
* Add a changelog entry
* Parametrize tests
* Drop a fix for Emscripten
* Apply Seth's suggestion to docs
Co-authored-by: Seth Michael Larson <sethmichaellarson@gmail.com>
* Use a minor release instead of the patch one
---------
Co-authored-by: Quentin Pradet <quentin.pradet@gmail.com>
Co-authored-by: Seth Michael Larson <sethmichaellarson@gmail.com>
---
CHANGES.rst | 9 ++
docs/reference/contrib/emscripten.rst | 2 +-
dummyserver/app.py | 1 +
src/urllib3/poolmanager.py | 18 +++-
test/contrib/emscripten/test_emscripten.py | 16 ++++
test/test_poolmanager.py | 5 +-
test/with_dummyserver/test_poolmanager.py | 101 +++++++++++++++++++++
7 files changed, 148 insertions(+), 4 deletions(-)
Index: urllib3-1.26.20/src/urllib3/poolmanager.py
===================================================================
--- urllib3-1.26.20.orig/src/urllib3/poolmanager.py
+++ urllib3-1.26.20/src/urllib3/poolmanager.py
@@ -170,6 +170,22 @@ class PoolManager(RequestMethods):
def __init__(self, num_pools=10, headers=None, **connection_pool_kw):
RequestMethods.__init__(self, headers)
+ if "retries" in connection_pool_kw:
+ retries = connection_pool_kw["retries"]
+ if not isinstance(retries, Retry):
+ # When Retry is initialized, raise_on_redirect is based
+ # on a redirect boolean value.
+ # But requests made via a pool manager always set
+ # redirect to False, and raise_on_redirect always ends
+ # up being False consequently.
+ # Here we fix the issue by setting raise_on_redirect to
+ # a value needed by the pool manager without considering
+ # the redirect boolean.
+ raise_on_redirect = retries is not False
+ retries = Retry.from_int(retries, redirect=False)
+ retries.raise_on_redirect = raise_on_redirect
+ connection_pool_kw = connection_pool_kw.copy()
+ connection_pool_kw["retries"] = retries
self.connection_pool_kw = connection_pool_kw
self.pools = RecentlyUsedContainer(num_pools)
@@ -389,7 +405,7 @@ class PoolManager(RequestMethods):
kw["body"] = None
kw["headers"] = HTTPHeaderDict(kw["headers"])._prepare_for_method_change()
- retries = kw.get("retries")
+ retries = kw.get("retries", response.retries)
if not isinstance(retries, Retry):
retries = Retry.from_int(retries, redirect=redirect)
Index: urllib3-1.26.20/test/test_poolmanager.py
===================================================================
--- urllib3-1.26.20.orig/test/test_poolmanager.py
+++ urllib3-1.26.20/test/test_poolmanager.py
@@ -326,9 +326,10 @@ class TestPoolManager(object):
def test_merge_pool_kwargs(self):
"""Assert _merge_pool_kwargs works in the happy case"""
- p = PoolManager(strict=True)
+ retries = retry.Retry(total=100)
+ p = PoolManager(strict=True, retries=retries)
merged = p._merge_pool_kwargs({"new_key": "value"})
- assert {"strict": True, "new_key": "value"} == merged
+ assert {"retries": retries, "strict": True, "new_key": "value"} == merged
def test_merge_pool_kwargs_none(self):
"""Assert false-y values to _merge_pool_kwargs result in defaults"""
Index: urllib3-1.26.20/test/with_dummyserver/test_poolmanager.py
===================================================================
--- urllib3-1.26.20.orig/test/with_dummyserver/test_poolmanager.py
+++ urllib3-1.26.20/test/with_dummyserver/test_poolmanager.py
@@ -82,6 +82,94 @@ class TestPoolManager(HTTPDummyServerTes
assert r.status == 200
assert r.data == b"Dummy server!"
+ @pytest.mark.parametrize(
+ "retries",
+ (0, Retry(total=0), Retry(redirect=0), Retry(total=0, redirect=0)),
+ )
+ def test_redirects_disabled_for_pool_manager_with_0(
+ self, retries: typing.Literal[0] | Retry
+ ) -> None:
+ """
+ Check handling redirects when retries is set to 0 on the pool
+ manager.
+ """
+ with PoolManager(retries=retries) as http:
+ with pytest.raises(MaxRetryError):
+ http.request("GET", f"{self.base_url}/redirect")
+
+ # Setting redirect=True should not change the behavior.
+ with pytest.raises(MaxRetryError):
+ http.request("GET", f"{self.base_url}/redirect", redirect=True)
+
+ # Setting redirect=False should not make it follow the redirect,
+ # but MaxRetryError should not be raised.
+ response = http.request("GET", f"{self.base_url}/redirect", redirect=False)
+ assert response.status == 303
+
+ @pytest.mark.parametrize(
+ "retries",
+ (
+ False,
+ Retry(total=False),
+ Retry(redirect=False),
+ Retry(total=False, redirect=False),
+ ),
+ )
+ def test_redirects_disabled_for_pool_manager_with_false(
+ self, retries: typing.Literal[False] | Retry
+ ) -> None:
+ """
+ Check that setting retries set to False on the pool manager disables
+ raising MaxRetryError and redirect=True does not change the
+ behavior.
+ """
+ with PoolManager(retries=retries) as http:
+ response = http.request("GET", f"{self.base_url}/redirect")
+ assert response.status == 303
+
+ response = http.request("GET", f"{self.base_url}/redirect", redirect=True)
+ assert response.status == 303
+
+ response = http.request("GET", f"{self.base_url}/redirect", redirect=False)
+ assert response.status == 303
+
+ def test_redirects_disabled_for_individual_request(self) -> None:
+ """
+ Check handling redirects when they are meant to be disabled
+ on the request level.
+ """
+ with PoolManager() as http:
+ # Check when redirect is not passed.
+ with pytest.raises(MaxRetryError):
+ http.request("GET", f"{self.base_url}/redirect", retries=0)
+ response = http.request("GET", f"{self.base_url}/redirect", retries=False)
+ assert response.status == 303
+
+ # Check when redirect=True.
+ with pytest.raises(MaxRetryError):
+ http.request(
+ "GET", f"{self.base_url}/redirect", retries=0, redirect=True
+ )
+ response = http.request(
+ "GET", f"{self.base_url}/redirect", retries=False, redirect=True
+ )
+ assert response.status == 303
+
+ # Check when redirect=False.
+ response = http.request(
+ "GET", f"{self.base_url}/redirect", retries=0, redirect=False
+ )
+ assert response.status == 303
+ response = http.request(
+ "GET", f"{self.base_url}/redirect", retries=False, redirect=False
+ )
+ assert response.status == 303
+
+
+ def test_redirect_cross_host_remove_headers(self) -> None:
+ with PoolManager() as http:
+ r = http.request(
+
def test_cross_host_redirect(self):
with PoolManager() as http:
cross_host_location = "%s/echo?a=b" % self.base_url_alt
@@ -136,6 +224,24 @@ class TestPoolManager(HTTPDummyServerTes
pool = http.connection_from_host(self.host, self.port)
assert pool.num_connections == 1
+ # Check when retries are configured for the pool manager.
+ with PoolManager(retries=1) as http:
+ with pytest.raises(MaxRetryError):
+ http.request(
+ "GET",
+ f"{self.base_url}/redirect",
+ fields={"target": f"/redirect?target={self.base_url}/"},
+ )
+
+ # Here we allow more retries for the request.
+ response = http.request(
+ "GET",
+ f"{self.base_url}/redirect",
+ fields={"target": f"/redirect?target={self.base_url}/"},
+ retries=2,
+ )
+ assert response.status == 200
+
def test_redirect_cross_host_remove_headers(self):
with PoolManager() as http:
r = http.request(

2
CVE-2025-66471.patch
View File

@@ -569,7 +569,7 @@ Index: urllib3-1.26.20/src/urllib3/response.py
+ if not decode_content:
+ if self._has_decoded_content:
+ raise RuntimeError(
+ "Calling read(decode_contennt=False) is not supported after "
+ "Calling read(decode_content=False) is not supported after "
+ "read(decode_content=True) was called."
+ )
+ return data

68
CVE-2026-21441.patch
View File

@@ -19,7 +19,7 @@ Index: urllib3-1.26.20/src/urllib3/response.py
===================================================================
--- urllib3-1.26.20.orig/src/urllib3/response.py
+++ urllib3-1.26.20/src/urllib3/response.py
@@ -476,7 +476,11 @@ class HTTPResponse(io.IOBase):
@@ -477,7 +477,11 @@ class HTTPResponse(io.IOBase):
Unread data in the HTTPResponse connection blocks the connection from being released back to the pool.
"""
try:
@@ -32,6 +32,26 @@ Index: urllib3-1.26.20/src/urllib3/response.py
except (HTTPError, SocketError, BaseSSLError, HTTPException):
pass
@@ -585,6 +589,11 @@ class HTTPResponse(io.IOBase):
Decode the data passed in and potentially flush the decoder.
"""
if not decode_content:
+ if self._has_decoded_content:
+ raise RuntimeError(
+ "Calling read(decode_content=False) is not supported after "
+ "read(decode_content=True) was called."
+ )
return data
if max_length is None or flush_decoder:
@@ -593,6 +602,7 @@ class HTTPResponse(io.IOBase):
try:
if self._decoder:
data = self._decoder.decompress(data, max_length=max_length)
+ self._has_decoded_content = True
except self.DECODER_ERROR_CLASSES as e:
content_encoding = self.headers.get("content-encoding", "").lower()
raise DecodeError(
Index: urllib3-1.26.20/test/with_dummyserver/test_connectionpool.py
===================================================================
--- urllib3-1.26.20.orig/test/with_dummyserver/test_connectionpool.py
@@ -62,3 +82,49 @@ Index: urllib3-1.26.20/test/with_dummyserver/test_connectionpool.py
def test_303_redirect_makes_request_lose_body(self):
with HTTPConnectionPool(self.host, self.port) as pool:
response = pool.request(
Index: urllib3-1.26.20/test/test_response.py
===================================================================
--- urllib3-1.26.20.orig/test/test_response.py
+++ urllib3-1.26.20/test/test_response.py
@@ -632,6 +632,41 @@ class TestResponse(object):
next(reader)
assert re.match("I/O operation on closed file.?", str(ctx.value))
+ def test_read_with_illegal_mix_decode_toggle(self) -> None:
+ compress = zlib.compressobj(6, zlib.DEFLATED, -zlib.MAX_WBITS)
+ data = compress.compress(b"foo")
+ data += compress.flush()
+
+ fp = BytesIO(data)
+
+ resp = HTTPResponse(
+ fp, headers={"content-encoding": "deflate"}, preload_content=False
+ )
+
+ assert resp.read(1) == b"f"
+
+ with pytest.raises(
+ RuntimeError,
+ match=(
+ r"Calling read\(decode_content=False\) is not supported after "
+ r"read\(decode_content=True\) was called"
+ ),
+ ):
+ resp.read(1, decode_content=False)
+
+ def test_read_with_mix_decode_toggle(self) -> None:
+ compress = zlib.compressobj(6, zlib.DEFLATED, -zlib.MAX_WBITS)
+ data = compress.compress(b"foo")
+ data += compress.flush()
+
+ fp = BytesIO(data)
+
+ resp = HTTPResponse(
+ fp, headers={"content-encoding": "deflate"}, preload_content=False
+ )
+ resp.read(1, decode_content=False)
+ assert resp.read(1, decode_content=True) == b"o"
+
def test_streaming(self):
fp = BytesIO(b"foo")
resp = HTTPResponse(fp, preload_content=False)

133
filter-pyopenssl-deprecationwarning.patch
View File

@@ -1,133 +0,0 @@
Index: urllib3-1.26.20/test/with_dummyserver/test_https.py
===================================================================
--- urllib3-1.26.20.orig/test/with_dummyserver/test_https.py
+++ urllib3-1.26.20/test/with_dummyserver/test_https.py
@@ -215,6 +215,10 @@ class TestHTTPS(HTTPSDummyServerTestCase
assert conn.__class__ == VerifiedHTTPSConnection
with warnings.catch_warnings(record=True) as w:
+ # Filter PyOpenSSL 25.1+ DeprecationWarning
+ warnings.filterwarnings(
+ "ignore", message="Attempting to mutate a Context after", category=DeprecationWarning
+ )
r = https_pool.request("GET", "/")
assert r.status == 200
@@ -245,6 +249,13 @@ class TestHTTPS(HTTPSDummyServerTestCase
r = https_pool.request("GET", "/")
assert r.status == 200
+ # Filter PyOpenSSL 25.1+ DeprecationWarning
+ calls = warn.call_args_list
+ calls = [
+ call for call in calls if call[0][1] != DeprecationWarning and
+ not call[0][0].startswith("Attempting to mutate a Context")
+ ]
+
# Modern versions of Python, or systems using PyOpenSSL, don't
# emit warnings.
if (
@@ -252,7 +263,7 @@ class TestHTTPS(HTTPSDummyServerTestCase
or util.IS_PYOPENSSL
or util.IS_SECURETRANSPORT
):
- assert not warn.called, warn.call_args_list
+ assert not calls
else:
assert warn.called
if util.HAS_SNI:
@@ -274,6 +285,13 @@ class TestHTTPS(HTTPSDummyServerTestCase
r = https_pool.request("GET", "/")
assert r.status == 200
+ # Filter PyOpenSSL 25.1+ DeprecationWarning
+ calls = warn.call_args_list
+ calls = [
+ call for call in calls if call[0][1] != DeprecationWarning and
+ not call[0][0].startswith("Attempting to mutate a Context")
+ ]
+
# Modern versions of Python, or systems using PyOpenSSL, don't
# emit warnings.
if (
@@ -281,7 +299,7 @@ class TestHTTPS(HTTPSDummyServerTestCase
or util.IS_PYOPENSSL
or util.IS_SECURETRANSPORT
):
- assert not warn.called, warn.call_args_list
+ assert not calls
else:
assert warn.called
if util.HAS_SNI:
@@ -306,6 +324,10 @@ class TestHTTPS(HTTPSDummyServerTestCase
assert conn.__class__ == VerifiedHTTPSConnection
with warnings.catch_warnings(record=True) as w:
+ # Filter PyOpenSSL 25.1+ DeprecationWarning
+ warnings.filterwarnings(
+ "ignore", message="Attempting to mutate a Context after", category=DeprecationWarning
+ )
r = https_pool.request("GET", "/")
assert r.status == 200
@@ -412,6 +434,12 @@ class TestHTTPS(HTTPSDummyServerTestCase
# warnings, which we want to ignore here.
calls = warn.call_args_list
+ # Filter PyOpenSSL 25.1+ DeprecationWarning
+ calls = [
+ call for call in calls if call[0][1] != DeprecationWarning and
+ not call[0][0].startswith("Attempting to mutate a Context")
+ ]
+
# If we're using a deprecated TLS version we can remove 'DeprecationWarning'
if self.tls_protocol_deprecated():
calls = [call for call in calls if call[0][1] != DeprecationWarning]
@@ -687,6 +715,11 @@ class TestHTTPS(HTTPSDummyServerTestCase
def _request_without_resource_warnings(self, method, url):
with warnings.catch_warnings(record=True) as w:
warnings.simplefilter("always")
+ # Filter PyOpenSSL 25.1+ DeprecationWarning
+ warnings.filterwarnings(
+ "ignore", message="Attempting to mutate a Context after",
+ category=DeprecationWarning
+ )
with HTTPSConnectionPool(
self.host, self.port, ca_certs=DEFAULT_CA
) as https_pool:
@@ -742,6 +775,11 @@ class TestHTTPS(HTTPSDummyServerTestCase
conn = https_pool._get_conn()
try:
with warnings.catch_warnings(record=True) as w:
+ # Filter PyOpenSSL 25.1+ DeprecationWarning
+ warnings.filterwarnings(
+ "ignore", message="Attempting to mutate a Context after",
+ category=DeprecationWarning
+ )
conn.connect()
if not hasattr(conn.sock, "version"):
pytest.skip("SSLSocket.version() not available")
@@ -769,6 +807,11 @@ class TestHTTPS(HTTPSDummyServerTestCase
conn = https_pool._get_conn()
try:
with warnings.catch_warnings(record=True) as w:
+ # Filter PyOpenSSL 25.1+ DeprecationWarning
+ warnings.filterwarnings(
+ "ignore", message="Attempting to mutate a Context after",
+ category=DeprecationWarning
+ )
conn.connect()
finally:
conn.close()
@@ -788,6 +831,11 @@ class TestHTTPS(HTTPSDummyServerTestCase
conn = https_pool._get_conn()
try:
with warnings.catch_warnings(record=True) as w:
+ # Filter PyOpenSSL 25.1+ DeprecationWarning
+ warnings.filterwarnings(
+ "ignore", message="Attempting to mutate a Context after",
+ category=DeprecationWarning
+ )
conn.connect()
finally:
conn.close()

80
python-urllib3_1.changes
View File

@@ -1,31 +1,11 @@
-------------------------------------------------------------------
Wed Jan 21 16:44:35 UTC 2026 - Nico Krapp <nico.krapp@suse.com>
Mon Jan 26 12:25:26 UTC 2026 - Nico Krapp <nico.krapp@suse.com>
- Add security patches:
* CVE-2025-66471.patch (bsc#1254867)
* CVE-2025-66418.patch (bsc#1254866)
* CVE-2026-21441.patch (bsc#1256331)
-------------------------------------------------------------------
Tue Aug 5 05:58:09 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
- Do not ignore deprecation warnings, the testsuite explicitly
clears all warnings multiple times.
- Add patch filter-pyopenssl-deprecationwarning.patch:
* Explicitly filter out new DeprecationWarnings raised by PyOpenSSL 25.1+
-------------------------------------------------------------------
Thu Jul 17 20:28:07 UTC 2025 - Dirk Müller <dmueller@suse.com>
- ignore deprecation warnings
-------------------------------------------------------------------
Wed Jun 25 05:18:37 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
- Add patch CVE-2025-50181-poolmanager-redirects.patch:
* Pool managers now properly control redirects when retries is passed
(CVE-2025-50181, GHSA-pq67-6m6q-mj2v, bsc#1244925)
-------------------------------------------------------------------
Mon May 19 07:29:03 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
@@ -92,7 +72,7 @@ Mon May 22 11:23:33 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com>
-------------------------------------------------------------------
Mon May 15 13:52:10 UTC 2023 - Dirk Müller <dmueller@suse.com>
- rename to python-urllib3_1
- rename to python-urllib3_1
-------------------------------------------------------------------
Fri Apr 21 12:38:19 UTC 2023 - Dirk Müller <dmueller@suse.com>
@@ -219,7 +199,7 @@ Tue Jul 13 10:53:07 UTC 2021 - Markéta Machová <mmachova@suse.com>
- update to 1.26.6
* Deprecated the urllib3.contrib.ntlmpool module.
* Changed HTTPConnection.request_chunked() to not erroneously emit multiple
* Changed HTTPConnection.request_chunked() to not erroneously emit multiple
Transfer-Encoding headers in the case that one is already specified.
* Fixed typo in deprecation message to recommend Retry.DEFAULT_ALLOWED_METHODS.
@@ -301,7 +281,7 @@ Thu Nov 26 09:02:30 UTC 2020 - Dirk Mueller <dmueller@suse.com>
``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)``
(Pull #2000) **Starting in urllib3 v2.0: Deprecated options will be removed**
* Added default ``User-Agent`` header to every request (Pull #1750)
* Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``,
* Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``,
and ``Host`` headers from being automatically emitted with requests (Pull #2018)
* Collapse ``transfer-encoding: chunked`` request data and framing into
the same ``socket.send()`` call (Pull #1906)
@@ -594,7 +574,7 @@ Sun Jul 15 22:30:26 UTC 2018 - mimi.vx@gmail.com
- add 1414.patch - fix tests with new tornado
- refresh python-urllib3-recent-date.patch
- drop urllib3-test-no-coverage.patch
* Allow providing a list of headers to strip from requests when redirecting
* Allow providing a list of headers to strip from requests when redirecting
to a different host. Defaults to the Authorization header. Different
headers can be set via Retry.remove_headers_on_redirect.
* Fix util.selectors._fileobj_to_fd to accept long
@@ -942,9 +922,9 @@ Tue Jan 5 14:40:22 UTC 2016 - hpj@urpla.net
* pyopenssl: Support for TLSv1.1 and TLSv1.2. (Issue #696)
* Close connections more defensively on exception. (Issue #734)
* Adjusted read_chunked to handle gzipped, chunk-encoded bodies
without repeatedly flushing the decoder, to function better on
without repeatedly flushing the decoder, to function better on
Jython. (Issue #743)
* Accept ca_cert_dir for SSL-related PoolManager configuration.
* Accept ca_cert_dir for SSL-related PoolManager configuration.
(Issue #758)
- removed ready-event.patch: applied upstream
@@ -984,12 +964,12 @@ Wed Oct 14 09:35:30 UTC 2015 - toddrme2178@gmail.com
-------------------------------------------------------------------
Tue Oct 6 15:03:05 UTC 2015 - hpj@urpla.net
- add python-pyOpenSSL, python-certifi and python-pyasn1 requirements
- add python-pyOpenSSL, python-certifi and python-pyasn1 requirements
-------------------------------------------------------------------
Tue Oct 6 12:46:25 UTC 2015 - hpj@urpla.net
- Comment out test requirements, as tests are disabled anyway, and
- Comment out test requirements, as tests are disabled anyway, and
one of these packages depend on python-requests, which depends on
this package resulting in a circular dependency for openSUSE <= 13.1
@@ -999,9 +979,9 @@ Fri Sep 25 11:24:49 UTC 2015 - p.drouand@gmail.com
- Update to version 1.12
* Rely on six for importing httplib to work around conflicts with
other Python 3 shims. (Issue #688)
* Add support for directories of certificate authorities, as
* Add support for directories of certificate authorities, as
supported by OpenSSL. (Issue #701)
* New exception: NewConnectionError, raised when we fail to
* New exception: NewConnectionError, raised when we fail to
establish a new connection, usually ECONNREFUSED socket error.
- Fix version dependencies
- Add new build requirements following upstream changes
@@ -1009,7 +989,7 @@ Fri Sep 25 11:24:49 UTC 2015 - p.drouand@gmail.com
* python-tox
* python-twine
* python-wheel
- Update 0001-Don-t-pin-dependency-to-exact-version.patch
- Update 0001-Don-t-pin-dependency-to-exact-version.patch
- Disable tests for now, as there require network
-------------------------------------------------------------------
@@ -1019,42 +999,42 @@ Thu Sep 11 12:38:13 UTC 2014 - toddrme2178@gmail.com
- Rebase 0001-Don-t-pin-dependency-to-exact-version.patch and
urllib3-test-no-coverage.patch
- Update to version 1.9 (2014-07-04)
* Shuffled around development-related files.
If you're maintaining a distro package of urllib3, you may need
* Shuffled around development-related files.
If you're maintaining a distro package of urllib3, you may need
to tweak things. (Issue #415)
* Unverified HTTPS requests will trigger a warning on the first
* Unverified HTTPS requests will trigger a warning on the first
request. See our new security documentation for details.
(Issue #426)
* New retry logic and urllib3.util.retry.Retry configuration
* New retry logic and urllib3.util.retry.Retry configuration
object. (Issue #326)
* All raised exceptions should now wrapped in a
urllib3.exceptions.HTTPException-extending exception.
* All raised exceptions should now wrapped in a
urllib3.exceptions.HTTPException-extending exception.
(Issue #326)
* All errors during a retry-enabled request should be wrapped in
urllib3.exceptions.MaxRetryError, including timeout-related
exceptions which were previously exempt. Underlying error is
urllib3.exceptions.MaxRetryError, including timeout-related
exceptions which were previously exempt. Underlying error is
accessible from the .reason propery. (Issue #326)
* urllib3.exceptions.ConnectionError renamed to
* urllib3.exceptions.ConnectionError renamed to
urllib3.exceptions.ProtocolError. (Issue #326)
* Errors during response read (such as IncompleteRead) are now
wrapped in urllib3.exceptions.ProtocolError. (Issue #418)
* Requesting an empty host will raise
* Requesting an empty host will raise
urllib3.exceptions.LocationValueError. (Issue #417)
* Catch read timeouts over SSL connections as
* Catch read timeouts over SSL connections as
urllib3.exceptions.ReadTimeoutError. (Issue #419)
* Apply socket arguments before connecting. (Issue #427)
- Update to version 1.8.3 (2014-06-23)
* Fix TLS verification when using a proxy in Python 3.4.1.
* Fix TLS verification when using a proxy in Python 3.4.1.
(Issue #385)
* Add disable_cache option to urllib3.util.make_headers.
* Add disable_cache option to urllib3.util.make_headers.
(Issue #393)
* Wrap socket.timeout exception with
* Wrap socket.timeout exception with
urllib3.exceptions.ReadTimeoutError. (Issue #399)
* Fixed proxy-related bug where connections were being reused
* Fixed proxy-related bug where connections were being reused
incorrectly. (Issues #366, #369)
* Added socket_options keyword parameter which allows to define
* Added socket_options keyword parameter which allows to define
setsockopt configuration of new sockets. (Issue #397)
* Removed HTTPConnection.tcp_nodelay in favor of
* Removed HTTPConnection.tcp_nodelay in favor of
HTTPConnection.default_socket_options. (Issue #397)
* Fixed TypeError bug in Python 2.6.4. (Issue #411)
- Update to version 1.8.2 (2014-04-17)
@@ -1062,7 +1042,7 @@ Thu Sep 11 12:38:13 UTC 2014 - toddrme2178@gmail.com
- Update to version 1.8.1 (2014-04-17)
* Fix AppEngine bug of HTTPS requests going out as HTTP.
(Issue #356)
* Don't install dummyserver into site-packages as it's only
* Don't install dummyserver into site-packages as it's only
needed for the test suite. (Issue #362)
* Added support for specifying source_address. (Issue #352)

23
python-urllib3_1.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package python-urllib3_1
#
# Copyright (c) 2026 SUSE LLC and contributors
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -35,17 +35,12 @@ Source: https://files.pythonhosted.org/packages/source/u/urllib3/urllib3
# PATCH-FIX-UPSTREAM remove_mock.patch gh#urllib3/urllib3#2108 mcepl@suse.com
# remove dependency on the external module mock
Patch0: remove_mock.patch
# PATCH-FIX-UPSTREAM CVE-2025-50181 gh#urllib3/urllib3@f05b1329126d, bsc#1244925
Patch1: CVE-2025-50181-poolmanager-redirects.patch
# PATCH-FIX-OPENSUSE Explicitly ignore new DeprecationWarning from PyOpenSSL 25.1+
Patch2: filter-pyopenssl-deprecationwarning.patch
# PATCH-FIX-UPSTREAM CVE-2025-66471.patch bsc#1254867 gh#urllib3/urllib3@c19571d
# and parts from gh#urllib3/urllib3@c35033f as prerequisite
Patch3: CVE-2025-66471.patch
# PATCH-FIX-UPSTREAM CVE-2025-66418.patch bsc#1254866 gh#urllib3/urllib3@24d7b67
Patch4: CVE-2025-66418.patch
# PATCH-FIX-UPSTREAM CVE-2026-21441.patch bsc#1256331 gh#urllib3/urllib3@8864ac4
Patch5: CVE-2026-21441.patch
# PATCH-FIX-UPSTREAM CVE-2025-66471.patch bsc#1254867
Patch1: CVE-2025-66471.patch
# PATCH-FIX-UPSTREAM CVE-2025-66418.patch bsc#1254866
Patch2: CVE-2025-66418.patch
# PATCH-FIX-UPSTREAM CVE-2026-21441.patch bsc#1256331
Patch3: CVE-2026-21441.patch
BuildRequires: %{python_module base >= 3.7}
BuildRequires: %{python_module pip}
BuildRequires: %{python_module setuptools}
@@ -60,11 +55,11 @@ Requires: python-cryptography >= 1.3.4
Requires: python-idna >= 2.0.0
Requires: python-pyOpenSSL >= 0.14
Requires: python-six >= 1.12.0
Recommends: python-Brotli >= 1.2.0
Recommends: python-Brotli >= 1.0.9
Recommends: python-PySocks >= 1.5.6
BuildArch: noarch
%if %{with test}
BuildRequires: %{python_module Brotli >= 1.2.0}
BuildRequires: %{python_module Brotli >= 1.0.9}
BuildRequires: %{python_module PySocks >= 1.5.6}
BuildRequires: %{python_module dateutil}
BuildRequires: %{python_module flaky}