Dominique Leuenberger
7418831001
- Do not ignore deprecation warnings, the testsuite explicitly clears all warnings multiple times. - Add patch filter-pyopenssl-deprecationwarning.patch: * Explicitly filter out new DeprecationWarnings raised by PyOpenSSL 25.1+ old: openSUSE:Factory/python-urllib3_1 new: devel:languages:python/python-urllib3_1 rev None Index: python-urllib3_1.changes =================================================================== --- python-urllib3_1.changes (revision 11) +++ python-urllib3_1.changes (revision 30) @@ -1,4 +1,17 @@ ------------------------------------------------------------------- +Tue Aug 5 05:58:09 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com> + +- Do not ignore deprecation warnings, the testsuite explicitly + clears all warnings multiple times. +- Add patch filter-pyopenssl-deprecationwarning.patch: + * Explicitly filter out new DeprecationWarnings raised by PyOpenSSL 25.1+ + +------------------------------------------------------------------- +Thu Jul 17 20:28:07 UTC 2025 - Dirk Müller <dmueller@suse.com> + +- ignore deprecation warnings + +------------------------------------------------------------------- Wed Jun 25 05:18:37 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com> - Add patch CVE-2025-50181-poolmanager-redirects.patch: @@ -71,7 +84,7 @@ ------------------------------------------------------------------- Mon May 15 13:52:10 UTC 2023 - Dirk Müller <dmueller@suse.com> -- rename to python-urllib3_1 +- rename to python-urllib3_1 ------------------------------------------------------------------- Fri Apr 21 12:38:19 UTC 2023 - Dirk Müller <dmueller@suse.com> @@ -198,7 +211,7 @@ - update to 1.26.6 * Deprecated the urllib3.contrib.ntlmpool module. - * Changed HTTPConnection.request_chunked() to not erroneously emit multiple + * Changed HTTPConnection.request_chunked() to not erroneously emit multiple Transfer-Encoding headers in the case that one is already specified. * Fixed typo in deprecation message to recommend Retry.DEFAULT_ALLOWED_METHODS. @@ -280,7 +293,7 @@ ``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)`` (Pull #2000) **Starting in urllib3 v2.0: Deprecated options will be removed** * Added default ``User-Agent`` header to every request (Pull #1750) - * Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``, + * Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``, and ``Host`` headers from being automatically emitted with requests (Pull #2018) * Collapse ``transfer-encoding: chunked`` request data and framing into the same ``socket.send()`` call (Pull #1906) @@ -573,7 +586,7 @@ - add 1414.patch - fix tests with new tornado - refresh python-urllib3-recent-date.patch - drop urllib3-test-no-coverage.patch - * Allow providing a list of headers to strip from requests when redirecting + * Allow providing a list of headers to strip from requests when redirecting to a different host. Defaults to the Authorization header. Different headers can be set via Retry.remove_headers_on_redirect. * Fix util.selectors._fileobj_to_fd to accept long @@ -921,9 +934,9 @@ * pyopenssl: Support for TLSv1.1 and TLSv1.2. (Issue #696) * Close connections more defensively on exception. (Issue #734) * Adjusted read_chunked to handle gzipped, chunk-encoded bodies - without repeatedly flushing the decoder, to function better on + without repeatedly flushing the decoder, to function better on Jython. (Issue #743) - * Accept ca_cert_dir for SSL-related PoolManager configuration. + * Accept ca_cert_dir for SSL-related PoolManager configuration. (Issue #758) - removed ready-event.patch: applied upstream @@ -963,12 +976,12 @@ ------------------------------------------------------------------- Tue Oct 6 15:03:05 UTC 2015 - hpj@urpla.net -- add python-pyOpenSSL, python-certifi and python-pyasn1 requirements +- add python-pyOpenSSL, python-certifi and python-pyasn1 requirements ------------------------------------------------------------------- Tue Oct 6 12:46:25 UTC 2015 - hpj@urpla.net -- Comment out test requirements, as tests are disabled anyway, and +- Comment out test requirements, as tests are disabled anyway, and one of these packages depend on python-requests, which depends on this package resulting in a circular dependency for openSUSE <= 13.1 @@ -978,9 +991,9 @@ - Update to version 1.12 * Rely on six for importing httplib to work around conflicts with other Python 3 shims. (Issue #688) - * Add support for directories of certificate authorities, as + * Add support for directories of certificate authorities, as supported by OpenSSL. (Issue #701) - * New exception: NewConnectionError, raised when we fail to + * New exception: NewConnectionError, raised when we fail to establish a new connection, usually ECONNREFUSED socket error. - Fix version dependencies - Add new build requirements following upstream changes @@ -988,7 +1001,7 @@ * python-tox * python-twine * python-wheel -- Update 0001-Don-t-pin-dependency-to-exact-version.patch +- Update 0001-Don-t-pin-dependency-to-exact-version.patch - Disable tests for now, as there require network ------------------------------------------------------------------- @@ -998,42 +1011,42 @@ - Rebase 0001-Don-t-pin-dependency-to-exact-version.patch and urllib3-test-no-coverage.patch - Update to version 1.9 (2014-07-04) - * Shuffled around development-related files. - If you're maintaining a distro package of urllib3, you may need + * Shuffled around development-related files. + If you're maintaining a distro package of urllib3, you may need to tweak things. (Issue #415) - * Unverified HTTPS requests will trigger a warning on the first + * Unverified HTTPS requests will trigger a warning on the first request. See our new security documentation for details. (Issue #426) - * New retry logic and urllib3.util.retry.Retry configuration + * New retry logic and urllib3.util.retry.Retry configuration object. (Issue #326) - * All raised exceptions should now wrapped in a - urllib3.exceptions.HTTPException-extending exception. + * All raised exceptions should now wrapped in a + urllib3.exceptions.HTTPException-extending exception. (Issue #326) * All errors during a retry-enabled request should be wrapped in - urllib3.exceptions.MaxRetryError, including timeout-related - exceptions which were previously exempt. Underlying error is + urllib3.exceptions.MaxRetryError, including timeout-related + exceptions which were previously exempt. Underlying error is accessible from the .reason propery. (Issue #326) - * urllib3.exceptions.ConnectionError renamed to + * urllib3.exceptions.ConnectionError renamed to urllib3.exceptions.ProtocolError. (Issue #326) * Errors during response read (such as IncompleteRead) are now wrapped in urllib3.exceptions.ProtocolError. (Issue #418) - * Requesting an empty host will raise + * Requesting an empty host will raise urllib3.exceptions.LocationValueError. (Issue #417) - * Catch read timeouts over SSL connections as + * Catch read timeouts over SSL connections as urllib3.exceptions.ReadTimeoutError. (Issue #419) * Apply socket arguments before connecting. (Issue #427) - Update to version 1.8.3 (2014-06-23) - * Fix TLS verification when using a proxy in Python 3.4.1. + * Fix TLS verification when using a proxy in Python 3.4.1. (Issue #385) - * Add disable_cache option to urllib3.util.make_headers. + * Add disable_cache option to urllib3.util.make_headers. (Issue #393) - * Wrap socket.timeout exception with + * Wrap socket.timeout exception with urllib3.exceptions.ReadTimeoutError. (Issue #399) - * Fixed proxy-related bug where connections were being reused + * Fixed proxy-related bug where connections were being reused incorrectly. (Issues #366, #369) - * Added socket_options keyword parameter which allows to define + * Added socket_options keyword parameter which allows to define setsockopt configuration of new sockets. (Issue #397) - * Removed HTTPConnection.tcp_nodelay in favor of + * Removed HTTPConnection.tcp_nodelay in favor of HTTPConnection.default_socket_options. (Issue #397) * Fixed TypeError bug in Python 2.6.4. (Issue #411) - Update to version 1.8.2 (2014-04-17) @@ -1041,7 +1054,7 @@ - Update to version 1.8.1 (2014-04-17) * Fix AppEngine bug of HTTPS requests going out as HTTP. (Issue #356) - * Don't install dummyserver into site-packages as it's only + * Don't install dummyserver into site-packages as it's only needed for the test suite. (Issue #362) * Added support for specifying source_address. (Issue #352) Index: python-urllib3_1.spec =================================================================== --- python-urllib3_1.spec (revision 11) +++ python-urllib3_1.spec (revision 30) @@ -1,7 +1,7 @@ # # spec file for package python-urllib3_1 # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -37,6 +37,8 @@ Patch0: remove_mock.patch # PATCH-FIX-UPSTREAM CVE-2025-50181 gh#urllib3/urllib3@f05b1329126d, bsc#1244925 Patch1: CVE-2025-50181-poolmanager-redirects.patch +# PATCH-FIX-OPENSUSE Explicitly ignore new DeprecationWarning from PyOpenSSL 25.1+ +Patch2: filter-pyopenssl-deprecationwarning.patch BuildRequires: %{python_module base >= 3.7} BuildRequires: %{python_module pip} BuildRequires: %{python_module setuptools} Index: filter-pyopenssl-deprecationwarning.patch =================================================================== --- filter-pyopenssl-deprecationwarning.patch (added) +++ filter-pyopenssl-deprecationwarning.patch (revision 30) @@ -0,0 +1,133 @@ +Index: urllib3-1.26.20/test/with_dummyserver/test_https.py +=================================================================== +--- urllib3-1.26.20.orig/test/with_dummyserver/test_https.py ++++ urllib3-1.26.20/test/with_dummyserver/test_https.py +@@ -215,6 +215,10 @@ class TestHTTPS(HTTPSDummyServerTestCase + assert conn.__class__ == VerifiedHTTPSConnection + + with warnings.catch_warnings(record=True) as w: ++ # Filter PyOpenSSL 25.1+ DeprecationWarning ++ warnings.filterwarnings( ++ "ignore", message="Attempting to mutate a Context after", category=DeprecationWarning ++ ) + r = https_pool.request("GET", "/") + assert r.status == 200 + +@@ -245,6 +249,13 @@ class TestHTTPS(HTTPSDummyServerTestCase + r = https_pool.request("GET", "/") + assert r.status == 200 + ++ # Filter PyOpenSSL 25.1+ DeprecationWarning ++ calls = warn.call_args_list ++ calls = [ ++ call for call in calls if call[0][1] != DeprecationWarning and ++ not call[0][0].startswith("Attempting to mutate a Context") ++ ] ++ + # Modern versions of Python, or systems using PyOpenSSL, don't + # emit warnings. + if ( +@@ -252,7 +263,7 @@ class TestHTTPS(HTTPSDummyServerTestCase + or util.IS_PYOPENSSL + or util.IS_SECURETRANSPORT + ): +- assert not warn.called, warn.call_args_list ++ assert not calls + else: + assert warn.called + if util.HAS_SNI: +@@ -274,6 +285,13 @@ class TestHTTPS(HTTPSDummyServerTestCase + r = https_pool.request("GET", "/") + assert r.status == 200 + ++ # Filter PyOpenSSL 25.1+ DeprecationWarning ++ calls = warn.call_args_list ++ calls = [ ++ call for call in calls if call[0][1] != DeprecationWarning and ++ not call[0][0].startswith("Attempting to mutate a Context") ++ ] ++ + # Modern versions of Python, or systems using PyOpenSSL, don't + # emit warnings. + if ( +@@ -281,7 +299,7 @@ class TestHTTPS(HTTPSDummyServerTestCase + or util.IS_PYOPENSSL + or util.IS_SECURETRANSPORT + ): +- assert not warn.called, warn.call_args_list ++ assert not calls + else: + assert warn.called + if util.HAS_SNI: +@@ -306,6 +324,10 @@ class TestHTTPS(HTTPSDummyServerTestCase + assert conn.__class__ == VerifiedHTTPSConnection + + with warnings.catch_warnings(record=True) as w: ++ # Filter PyOpenSSL 25.1+ DeprecationWarning ++ warnings.filterwarnings( ++ "ignore", message="Attempting to mutate a Context after", category=DeprecationWarning ++ ) + r = https_pool.request("GET", "/") + assert r.status == 200 + +@@ -412,6 +434,12 @@ class TestHTTPS(HTTPSDummyServerTestCase + # warnings, which we want to ignore here. + calls = warn.call_args_list + ++ # Filter PyOpenSSL 25.1+ DeprecationWarning ++ calls = [ ++ call for call in calls if call[0][1] != DeprecationWarning and ++ not call[0][0].startswith("Attempting to mutate a Context") ++ ] ++ + # If we're using a deprecated TLS version we can remove 'DeprecationWarning' + if self.tls_protocol_deprecated(): + calls = [call for call in calls if call[0][1] != DeprecationWarning] +@@ -687,6 +715,11 @@ class TestHTTPS(HTTPSDummyServerTestCase + def _request_without_resource_warnings(self, method, url): + with warnings.catch_warnings(record=True) as w: + warnings.simplefilter("always") ++ # Filter PyOpenSSL 25.1+ DeprecationWarning ++ warnings.filterwarnings( ++ "ignore", message="Attempting to mutate a Context after", ++ category=DeprecationWarning ++ ) + with HTTPSConnectionPool( + self.host, self.port, ca_certs=DEFAULT_CA + ) as https_pool: +@@ -742,6 +775,11 @@ class TestHTTPS(HTTPSDummyServerTestCase + conn = https_pool._get_conn() + try: + with warnings.catch_warnings(record=True) as w: ++ # Filter PyOpenSSL 25.1+ DeprecationWarning ++ warnings.filterwarnings( ++ "ignore", message="Attempting to mutate a Context after", ++ category=DeprecationWarning ++ ) + conn.connect() + if not hasattr(conn.sock, "version"): + pytest.skip("SSLSocket.version() not available") +@@ -769,6 +807,11 @@ class TestHTTPS(HTTPSDummyServerTestCase + conn = https_pool._get_conn() + try: + with warnings.catch_warnings(record=True) as w: ++ # Filter PyOpenSSL 25.1+ DeprecationWarning ++ warnings.filterwarnings( ++ "ignore", message="Attempting to mutate a Context after", ++ category=DeprecationWarning ++ ) + conn.connect() + finally: + conn.close() +@@ -788,6 +831,11 @@ class TestHTTPS(HTTPSDummyServerTestCase + conn = https_pool._get_conn() + try: + with warnings.catch_warnings(record=True) as w: ++ # Filter PyOpenSSL 25.1+ DeprecationWarning ++ warnings.filterwarnings( ++ "ignore", message="Attempting to mutate a Context after", ++ category=DeprecationWarning ++ ) + conn.connect() + finally: + conn.close() OBS-URL: https://build.opensuse.org/request/show/1297619 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3_1?expand=0&rev=12