34 lines
1.7 KiB
Plaintext
34 lines
1.7 KiB
Plaintext
<patchinfo incident="1">
|
|
<!-- generated from request(s) 353314 -->
|
|
<issue tracker="bnc" id="1226321">HTTPie SSL certificate problems with python-requests 2.32.3 (fine with 2.32.2)</issue>
|
|
<issue tracker="bnc" id="1231500">registercloudguest throws SSL error on registration call</issue>
|
|
<packager>StevenK</packager>
|
|
<rating>moderate</rating>
|
|
<category>security</category>
|
|
<summary>Security update for python-requests</summary>
|
|
<description>This update for python-requests fixes the following issues:
|
|
|
|
- Add patch to inject the default CA bundles if they are not specified.
|
|
(bsc#1226321, bsc#1231500)
|
|
|
|
- Remove Requires on python-py.
|
|
|
|
- update to 2.32.3:
|
|
* Fixed bug breaking the ability to specify custom SSLContexts
|
|
in sub-classes of HTTPAdapter.
|
|
* Fixed issue where Requests started failing to run on Python
|
|
versions compiled without the `ssl` module.
|
|
|
|
* To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0,
|
|
we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing
|
|
custom HTTPAdapters will need to migrate their code to use this new API. get_connection is
|
|
* Fixed an issue where setting verify=False on the first request from a Session
|
|
will cause subsequent requests to the same origin to also ignore cert verification,
|
|
* verify=True now reuses a global SSLContext which should improve request time
|
|
* Requests now supports optional use of character detection (chardet or charset_normalizer)
|
|
when repackaged or vendored. This enables pip and other projects to minimize their
|
|
</description>
|
|
<package>python-requests</package>
|
|
<package>python-requests:test</package>
|
|
<seperate_build_arch/>
|
|
</patchinfo> |