Accepting request 298191 from devel:languages:python

1 OBS-URL: https://build.opensuse.org/request/show/298191 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-requests?expand=0&rev=23
2015-04-21 08:53:57 +00:00
parent 649d314154
commit 59d2b186f0
4 changed files with 27 additions and 4 deletions
--- a/python-requests.changes
+++ b/python-requests.changes
@@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Mon Apr 20 12:25:21 UTC 2015 - mcihar@suse.cz
+
+- Update to 2.6.0:
+  - Fix handling of cookies on redirect. Previously a cookie without a host
+    value set would use the hostname for the redirected URL exposing requests
+    users to session fixation attacks and potentially cookie stealing. This was
+    disclosed privately by Matthew Daley of `BugFuzz <https://bugfuzz.com>`_.
+    An CVE identifier has not yet been assigned for this. This affects all
+    versions of requests from v2.1.0 to v2.5.3 (inclusive on both ends).
+  - Fix error when requests is an ``install_requires`` dependency and ``python
+    setup.py test`` is run. (#2462)
+  - Fix error when urllib3 is unbundled and requests continues to use the
+    vendored import location.
+  - Include fixes to ``urllib3``'s header handling.
+  - Requests' handling of unvendored dependencies is now more restrictive.
+  - Support bytearrays when passed as parameters in the ``files`` argument.
+    (#2468)
+  - Avoid data duplication when creating a request with ``str``, ``bytes``, or
+    ``bytearray`` input to the ``files`` argument.
+  - Revert changes to our vendored certificate bundle. For more context see
+    (#2455, #2456, and http://bugs.python.org/issue23476)
+
 -------------------------------------------------------------------
 Tue Feb 24 13:04:17 UTC 2015 - tbechtold@suse.com