- update to 2.0.6 (bsc#1215968, CVE-2023-43804):
* Added the Cookie header to the list of headers to strip from
requests when redirecting to a different host. As before, different
headers can be set via Retry.remove_headers_on_redirect
- 2.0.5:
* Allowed pyOpenSSL third-party module without any deprecation
warning. #3126
* Fixed default blocksize of HTTPConnection classes to match
high-level classes. Previously was 8KiB, now 16KiB. #3066
OBS-URL: https://build.opensuse.org/request/show/1115892
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3?expand=0&rev=62
* Changed HTTPConnection.request_chunked() to not erroneously emit multiple
* Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``,
- Add missing dependency on python-six (bsc#1150895)
- update to 1.25 (bsc#1132663, bsc#1129071, CVE-2019-9740, CVE-2019-11236):
* Allow providing a list of headers to strip from requests when redirecting
without repeatedly flushing the decoder, to function better on
* Accept ca_cert_dir for SSL-related PoolManager configuration.
- add python-pyOpenSSL, python-certifi and python-pyasn1 requirements
- Comment out test requirements, as tests are disabled anyway, and
* Add support for directories of certificate authorities, as
* New exception: NewConnectionError, raised when we fail to
- Update 0001-Don-t-pin-dependency-to-exact-version.patch
* Shuffled around development-related files.
If you're maintaining a distro package of urllib3, you may need
* Unverified HTTPS requests will trigger a warning on the first
* New retry logic and urllib3.util.retry.Retry configuration
* All raised exceptions should now wrapped in a
urllib3.exceptions.HTTPException-extending exception.
urllib3.exceptions.MaxRetryError, including timeout-related
exceptions which were previously exempt. Underlying error is
* urllib3.exceptions.ConnectionError renamed to
* Requesting an empty host will raise
* Catch read timeouts over SSL connections as
* Fix TLS verification when using a proxy in Python 3.4.1.
* Add disable_cache option to urllib3.util.make_headers.
* Wrap socket.timeout exception with
* Fixed proxy-related bug where connections were being reused
* Added socket_options keyword parameter which allows to define
* Removed HTTPConnection.tcp_nodelay in favor of
* Don't install dummyserver into site-packages as it's only
OBS-URL: https://build.opensuse.org/request/show/1112725
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3?expand=0&rev=61
- Disable test_deprecated_no_scheme so it needs network connection to
run correctly.
- update to 2.0.3:
* Allowed alternative SSL libraries such as LibreSSL, while
still issuing a warning as we cannot help users facing issues
with implementations other than OpenSSL.
* Deprecated URLs which don't have an explicit scheme
* Fixed response decoding with Zstandard when compressed data
is made of several frames.
* Fixed ``assert_hostname=False`` to correctly skip hostname
check.
OBS-URL: https://build.opensuse.org/request/show/1096959
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3?expand=0&rev=58
- update to 2.0.2:
* Fixed ``HTTPResponse.stream()`` to continue yielding bytes if
buffered decompressed data was still available to be read
even if the underlying socket is closed. This prevents
a compressed response from being truncated.
- Update to 2.0.1:
* Fixed a socket leak when fingerprint or hostname verifications fail.
* Fixed an error when HTTPResponse.read(0) was the first read call or when
the internal response body buffer was otherwise empty.
* Removed support for Python 2.7, 3.5, and 3.6.
* Removed fallback on certificate commonName in match_hostname() function.
* Removed support for Python with an ssl module compiled with LibreSSL,
CiscoSSL, wolfSSL, and all other OpenSSL alternatives.
* Removed support for OpenSSL versions earlier than 1.1.1.
* Removed urllib3.contrib.appengine.AppEngineManager and support for Google
App Engine Standard Environment.
* Changed ssl_version to instead set the corresponding
SSLContext.minimum_version and SSLContext.maximum_version values.
* Changed default SSLContext.minimum_version to be TLSVersion.TLSv1_2
in line with Python 3.10.
* Changed urllib3.util.create_urllib3_context to not override the system
cipher suites with a default value.
* Changed multipart/form-data header parameter formatting matches the
WHATWG HTML Standard as of 2021-06-10.
* Changed HTTPConnection.request() to always use lowercase chunk boundaries
when sending requests with Transfer-Encoding: chunked.
* Changed enforce_content_length default to True, preventing silent data
loss when reading streamed responses.
* Changed all parameters in the HTTPConnection and HTTPSConnection
OBS-URL: https://build.opensuse.org/request/show/1087259
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3?expand=0&rev=57
- update to 1.26.13
* Deprecated the ``HTTPResponse.getheaders()`` and ``HTTPResponse.getheader()`` methods.
* Fixed an issue where parsing a URL with leading zeroes in the port would be rejected
even when the port number after removing the zeroes was valid.
* Fixed a deprecation warning when using cryptography v39.0.0.
* Removed the ``<4`` in the ``Requires-Python`` packaging metadata field. (forwarded request 1039590 from glaubitz)
OBS-URL: https://build.opensuse.org/request/show/1039604
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3?expand=0&rev=53
- Remove unneeded BuildRequires of mock.
- Remove unbundling off ssl.match_hostname.
* It was only done for the primary python3 flavor
* It is bundled for a reason gh#urllib3/urllib3#2439,
gh#urllib3/urllib3#2448
* The tests (and probably urllib3 users) use wildcard patterns
not supported by the stdlib
- Fix undbundling of six for all flavors
- Replace brotlipy recommendation and test with python-Brotli
(see release notes below)
- update to 1.26.9:
* Changed ``urllib3[brotli]`` extra to favor installing Brotli libraries that are still
receiving updates like ``brotli`` and ``brotlicffi`` instead of ``brotlipy``.
This change does not impact behavior of urllib3, only which dependencies are installed.
* Fixed a socket leaking when ``HTTPSConnection.connect()`` raises an exception.
* Fixed ``server_hostname`` being forwarded from ``PoolManager`` to ``HTTPConnectionPool``
when requesting an HTTP URL. Should only be forwarded when requesting an HTTPS URL.
- update to 1.26.8:
* Added extra message to``urllib3.exceptions.ProxyError`` when urllib3 detects that
a proxy is configured to use HTTPS but the proxy itself appears to only use HTTP.
* Added a mention of the size of the connection pool when discarding a
connection due to the pool being full.
* Added explicit support for Python 3.11.
* Deprecated the ``Retry.MAX_BACKOFF`` class property in favor of
``Retry.DEFAULT_MAX_BACKOFF`` to better match the rest of the default parameter names.
``Retry.MAX_BACKOFF`` is removed in v2.0.
* Changed location of the vendored ``ssl.match_hostname`` function from
OBS-URL: https://build.opensuse.org/request/show/970661
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3?expand=0&rev=49
- If you skip_python2 you don't need mock.
- We don't need to break Python 2.7
- Add remove_mock.patch to remove dependency on the external mock
package (gh#urllib3/urllib3#2108).
- Fixed the testsuite and updated dependencies
- update to 1.26.2:
* Fixed an issue where ``wrap_socket`` and ``CERT_REQUIRED`` wouldn't
be imported properly on Python 2.7.8 and earlier (Pull #2052)
* Fixed an issue where two ``User-Agent`` headers would be sent if a
``User-Agent`` header key is passed as ``bytes`` (Pull #2047)
* Added support for HTTPS proxies contacting HTTPS servers (Pull #1923, Pull #1806)
* Deprecated negotiating TLSv1 and TLSv1.1 by default. Users that
still wish to use TLS earlier than 1.2 without a deprecation warning
should opt-in explicitly by setting ``ssl_version=ssl.PROTOCOL_TLSv1_1`` (Pull #2002)
**Starting in urllib3 v2.0: Connections that receive a ``DeprecationWarning`` will fail**
* Deprecated ``Retry`` options ``Retry.DEFAULT_METHOD_WHITELIST``, ``Retry.DEFAULT_REDIRECT_HEADERS_BLACKLIST``
and ``Retry(method_whitelist=...)`` in favor of ``Retry.DEFAULT_ALLOWED_METHODS``,
``Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT``, and ``Retry(allowed_methods=...)``
(Pull #2000) **Starting in urllib3 v2.0: Deprecated options will be removed**
* Added default ``User-Agent`` header to every request (Pull #1750)
* Added ``urllib3.util.SKIP_HEADER`` for skipping ``User-Agent``, ``Accept-Encoding``,
and ``Host`` headers from being automatically emitted with requests (Pull #2018)
* Collapse ``transfer-encoding: chunked`` request data and framing into
the same ``socket.send()`` call (Pull #1906)
* Send ``http/1.1`` ALPN identifier with every TLS handshake by default (Pull #1894)
* Properly terminate SecureTransport connections when CA verification fails (Pull #1977)
* Don't emit an ``SNIMissingWarning`` when passing ``server_hostname=None``
to SecureTransport (Pull #1903)
* Disabled requesting TLSv1.2 session tickets as they weren't being used by urllib3 (Pull #1970)
* Suppress ``BrokenPipeError`` when writing request body after the server
has closed the socket (Pull #1524)
* Wrap ``ssl.SSLError`` that can be raised from reading a socket (e.g. "bad MAC")
into an ``urllib3.exceptions.SSLError`` (Pull #1939)
* Fix retry backoff time parsed from ``Retry-After`` header when given
in the HTTP date format. The HTTP date was parsed as the local timezone
rather than accounting for the timezone in the HTTP date (typically
UTC) (Pull #1932, Pull #1935, Pull #1938, Pull #1949)
OBS-URL: https://build.opensuse.org/request/show/855865
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3?expand=0&rev=42
- update to 1.25.10:
* Added support for ``SSLKEYLOGFILE`` environment variable for
logging TLS session keys with use with programs like
Wireshark for decrypting captured web traffic (Pull #1867)
* Fixed loading of SecureTransport libraries on macOS Big Sur
due to the new dynamic linker cache (Pull #1905)
* Collapse chunked request bodies data and framing into one
call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906)
* Don't insert ``None`` into ``ConnectionPool`` if the pool
was empty when requesting a connection (Pull #1866)
* Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858)
OBS-URL: https://build.opensuse.org/request/show/824352
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3?expand=0&rev=40
- update to 1.25.9:
* Added ``InvalidProxyConfigurationWarning`` which is raised when
erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently
support connecting to HTTPS proxies but will soon be able to
and we would like users to migrate properly without much breakage.
* Drain connection after ``PoolManager`` redirect (Pull #1817)
* Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull #1812)
* Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull #1805)
* Allow the CA certificate data to be passed as a string (Pull #1804)
* Raise ``ValueError`` if method contains control characters (Pull #1800)
* Add ``__repr__`` to ``Timeout`` (Pull #1795)
OBS-URL: https://build.opensuse.org/request/show/811626
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3?expand=0&rev=39
- Restrict the tornado dep from tom to 5 or older release as the
6.x changed the API
- Update to 1.25.5:
* Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which caused certificate verification to be enabled when using cert_reqs=CERT_NONE. (Issue #1682)
* Propagate Retry-After header settings to subsequent retries. (Pull #1607)
* Fix edge case where Retry-After header was still respected even when explicitly opted out of. (Pull #1607)
* Remove dependency on rfc3986 for URL parsing.
* Fix issue where URLs containing invalid characters within Url.auth would raise an exception instead of percent-encoding those characters.
* Add support for HTTPResponse.auto_close = False which makes HTTP responses work well with BufferedReaders and other io module features. (Pull #1652)
* Percent-encode invalid characters in URL for HTTPConnectionPool.request() (Pull #1673)
- Drop patch urllib3-ssl-default-context.patch
- Drop patch python-urllib3-recent-date.patch the date is recent
enough on its own
OBS-URL: https://build.opensuse.org/request/show/733657
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3?expand=0&rev=34
- Skip test_source_address_error as we raise different error with
fixes that we provide in new python2/3
- Add more test to skip as with new openssl some behaviour changed
and we can't rely on them anymore
- Unbundle the six, rfc3986, and backports.ssl_match_hostname
- Update to 1.25.3:
* Change HTTPSConnection to load system CA certificates when ca_certs, ca_cert_dir, and ssl_context are unspecified. (Pull #1608, Issue #1603)
* Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605)
- Update to 1.25.2:
* Change is_ipaddress to not detect IPvFuture addresses. (Pull #1583)
* Change parse_url to percent-encode invalid characters within the path, query, and target components. (Pull #1586)
* Add support for Google's Brotli package. (Pull #1572, Pull #1579)
* Upgrade bundled rfc3986 to v1.3.1 (Pull #1578)
- Require all the deps from the secure list rather than Recommend.
This makes the check to be run always and ensure the urls are
"secure".
- Remove ndg-httpsclient as it is not needed since 2015
- Add missing dependency on brotlipy
- Fix the tests to pass again
- update to 1.25 (bsc#1132663, CVE-2019-11236):
* Require and validate certificates by default when using HTTPS
* Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant.
* Added support for ``key_password`` for ``HTTPSConnectionPool`` to use
encrypted ``key_file`` without creating your own ``SSLContext`` object.
OBS-URL: https://build.opensuse.org/request/show/708287
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3?expand=0&rev=27
- Update to 1.24:
* Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449)
* Test against Python 3.7 on AppVeyor. (Pull #1453)
* Early-out ipv6 checks when running on App Engine. (Pull #1450)
* Change ambiguous description of backoff_factor (Pull #1436)
* Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442)
* Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405).
* Add a server_hostname parameter to HTTPSConnection which allows for overriding the SNI hostname sent in the handshake. (Pull #1397)
* Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430)
* Fixed bug where responses with header Content-Type: message/* erroneously raised HeaderParsingError, resulting in a warning being logged. (Pull #1439)
* Move urllib3 to src/urllib3 (Pull #1409)
- Drop patch 1414.patch merged upstream
- Refresh patches:
* python-urllib3-recent-date.patch
* urllib3-ssl-default-context.patch
OBS-URL: https://build.opensuse.org/request/show/645906
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3?expand=0&rev=24
- update to 1.23
- add 1414.patch - fix tests with new tornado
- refresh python-urllib3-recent-date.patch
- drop urllib3-test-no-coverage.patch
* Allow providing a list of headers to strip from requests when redirecting
to a different host. Defaults to the Authorization header. Different
headers can be set via Retry.remove_headers_on_redirect.
* Fix util.selectors._fileobj_to_fd to accept long
* Dropped Python 3.3 support.
* Put the connection back in the pool when calling stream()
or read_chunked() on a chunked HEAD response.
* Fixed pyOpenSSL-specific ssl client authentication issue when clients
attempted to auth via certificate + chain
* Add the port to the connectionpool connect print
* Don't use the uuid module to create multipart data boundaries.
* read_chunked() on a closed response returns no chunks.
* Add Python 2.6 support to contrib.securetransport
* Added support for auth info in url for SOCKS proxy (forwarded request 622951 from mimi_vx)
OBS-URL: https://build.opensuse.org/request/show/622952
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3?expand=0&rev=18
- removed python-certifi dependency, we don't want to use it
- drop 0001-Don-t-pin-dependency-to-exact-version.patch because it's
not needed anymore
- re-enable tests, re-add relevant dependencies
* don't exclude test_util.py
* exclude proxy timeout tests that fail for spurious reasons
- urllib3-ssl-default-context.patch - use set_default_verify_paths()
if no certificate path specified and verification not explicitly
disabled
- urllib3-test-ssl-drop-sslv3.patch - don't use "SSLv3" constants
in python 2.7.9 and up
- ready-event.patch - fix race conditions in timeout tests
- drop %pre section because apparently "egg-info as file" is no longer
true and this breaks builds
OBS-URL: https://build.opensuse.org/request/show/345102
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3?expand=0&rev=6
