Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-urllib3 for openSUSE:Factory checked in at 2021-03-19 16:39:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-urllib3 (Old) and /work/SRC/openSUSE:Factory/.python-urllib3.new.2401 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-urllib3" Fri Mar 19 16:39:55 2021 rev:46 rq:879507 version:1.26.4 Changes: -------- --- /work/SRC/openSUSE:Factory/python-urllib3/python-urllib3.changes 2021-02-15 23:17:07.863470255 +0100 +++ /work/SRC/openSUSE:Factory/.python-urllib3.new.2401/python-urllib3.changes 2021-03-19 16:40:00.713859398 +0100 @@ -1,0 +2,7 @@ +Tue Mar 16 21:09:42 UTC 2021 - Dirk M??ller <dmuel...@suse.com> + +- update to 1.26.4: + * Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy + during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``. + +------------------------------------------------------------------- Old: ---- urllib3-1.26.3.tar.gz New: ---- urllib3-1.26.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-urllib3.spec ++++++ --- /var/tmp/diff_new_pack.mHeUzS/_old 2021-03-19 16:40:01.417860349 +0100 +++ /var/tmp/diff_new_pack.mHeUzS/_new 2021-03-19 16:40:01.417860349 +0100 @@ -1,5 +1,5 @@ # -# spec file for package python-urllib3 +# spec file for package python-urllib3-test # # Copyright (c) 2021 SUSE LLC # @@ -27,7 +27,7 @@ %bcond_with test %endif Name: python-urllib3%{psuffix} -Version: 1.26.3 +Version: 1.26.4 Release: 0 Summary: HTTP library with thread-safe connection pooling, file post, and more License: MIT ++++++ urllib3-1.26.3.tar.gz -> urllib3-1.26.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/urllib3-1.26.3/CHANGES.rst new/urllib3-1.26.4/CHANGES.rst --- old/urllib3-1.26.3/CHANGES.rst 2021-01-26 19:57:14.000000000 +0100 +++ new/urllib3-1.26.4/CHANGES.rst 2021-03-15 16:03:47.000000000 +0100 
@@ -1,6 +1,13 @@ Changes ======= +1.26.4 (2021-03-15) +------------------- + +* Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy + during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``. + + 1.26.3 (2021-01-26) ------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/urllib3-1.26.3/PKG-INFO new/urllib3-1.26.4/PKG-INFO --- old/urllib3-1.26.3/PKG-INFO 2021-01-26 19:57:39.199241600 +0100 +++ new/urllib3-1.26.4/PKG-INFO 2021-03-15 16:03:55.002221800 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: urllib3 -Version: 1.26.3 +Version: 1.26.4 Summary: HTTP library with thread-safe connection pooling, file post, and more. Home-page: https://urllib3.readthedocs.io/ Author: Andrey Petrov @@ -116,6 +116,13 @@ Changes ======= + 1.26.4 (2021-03-15) + ------------------- + + * Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy + during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``. + + 1.26.3 (2021-01-26) ------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/urllib3-1.26.3/src/urllib3/_version.py new/urllib3-1.26.4/src/urllib3/_version.py --- old/urllib3-1.26.3/src/urllib3/_version.py 2021-01-26 19:57:14.000000000 +0100 +++ new/urllib3-1.26.4/src/urllib3/_version.py 2021-03-15 16:03:47.000000000 +0100 @@ -1,2 +1,2 @@ # This file is protected via CODEOWNERS -__version__ = "1.26.3" +__version__ = "1.26.4" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/urllib3-1.26.3/src/urllib3/connection.py new/urllib3-1.26.4/src/urllib3/connection.py --- old/urllib3-1.26.3/src/urllib3/connection.py 2021-01-26 19:57:14.000000000 +0100 +++ new/urllib3-1.26.4/src/urllib3/connection.py 2021-03-15 16:03:47.000000000 +0100 
@@ -490,6 +490,10 @@ self.ca_cert_dir, self.ca_cert_data, ) + # By default urllib3's SSLContext disables `check_hostname` and uses + # a custom check. For proxies we're good with relying on the default + # verification. + ssl_context.check_hostname = True # If no cert was provided, use only the default options for server # certificate validation diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/urllib3-1.26.3/src/urllib3/util/retry.py new/urllib3-1.26.4/src/urllib3/util/retry.py --- old/urllib3-1.26.3/src/urllib3/util/retry.py 2021-01-26 19:57:14.000000000 +0100 +++ new/urllib3-1.26.4/src/urllib3/util/retry.py 2021-03-15 16:03:47.000000000 +0100 @@ -253,6 +253,7 @@ "Using 'method_whitelist' with Retry is deprecated and " "will be removed in v2.0. Use 'allowed_methods' instead", DeprecationWarning, + stacklevel=2, ) allowed_methods = method_whitelist if allowed_methods is _Default: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/urllib3-1.26.3/src/urllib3.egg-info/PKG-INFO new/urllib3-1.26.4/src/urllib3.egg-info/PKG-INFO --- old/urllib3-1.26.3/src/urllib3.egg-info/PKG-INFO 2021-01-26 19:57:39.000000000 +0100 +++ new/urllib3-1.26.4/src/urllib3.egg-info/PKG-INFO 2021-03-15 16:03:54.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: urllib3 -Version: 1.26.3 +Version: 1.26.4 Summary: HTTP library with thread-safe connection pooling, file post, and more. Home-page: https://urllib3.readthedocs.io/ Author: Andrey Petrov 
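Review bot: The unconditional `ssl_context.check_hostname = True` interacts with the context's verify mode, and the added comment does not mention it. In the standard `ssl` module, enabling `check_hostname` on a context whose `verify_mode` is `CERT_NONE` raises `ValueError` before Python 3.7 and silently switches the mode to `CERT_REQUIRED` from 3.7 on, so a caller that turned certificate verification off would see interpreter-dependent behaviour; the arguments that set the verify mode sit above the hunk, so this is inferred. I would extend the comment with `# Enabling check_hostname needs certificate verification: with CERT_NONE this raises on Python < 3.7 and forces CERT_REQUIRED on 3.7+.` The changelog entry speaks only of the default `SSLContext`, so a caller-supplied proxy context presumably keeps whatever `check_hostname` it was built with, which deserves a sentence in the docs. The enclosing function starts and ends outside the hunk.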
@@ -116,6 +116,13 @@ Changes ======= + 1.26.4 (2021-03-15) + ------------------- + + * Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy + during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``. + + 1.26.3 (2021-01-26) ------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/urllib3-1.26.3/test/conftest.py new/urllib3-1.26.4/test/conftest.py --- old/urllib3-1.26.3/test/conftest.py 2021-01-26 19:57:14.000000000 +0100 +++ new/urllib3-1.26.4/test/conftest.py 2021-03-15 16:03:47.000000000 +0100 @@ -65,6 +65,17 @@ @pytest.fixture +def no_localhost_san_server(tmp_path_factory): + tmpdir = tmp_path_factory.mktemp("certs") + ca = trustme.CA() + # non localhost common name + server_cert = ca.issue_cert(u"example.com") + + with run_server_in_thread("https", "localhost", tmpdir, ca, server_cert) as cfg: + yield cfg + + +@pytest.fixture def ip_san_server(tmp_path_factory): tmpdir = tmp_path_factory.mktemp("certs") ca = trustme.CA() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/urllib3-1.26.3/test/with_dummyserver/test_proxy_poolmanager.py new/urllib3-1.26.4/test/with_dummyserver/test_proxy_poolmanager.py --- old/urllib3-1.26.3/test/with_dummyserver/test_proxy_poolmanager.py 2021-01-26 19:57:14.000000000 +0100 +++ new/urllib3-1.26.4/test/with_dummyserver/test_proxy_poolmanager.py 2021-03-15 16:03:47.000000000 +0100 
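Review bot: The comment `# non localhost common name` in the new `no_localhost_san_server` fixture describes the certificate imprecisely. As far as I know, trustme's `issue_cert` places the identities it is given in subjectAltName, which is what the fixture name says and what hostname checking reads. I would reword it to `# certificate is valid only for example.com, while the server listens on localhost` and add a one-line docstring stating that the fixture exists to provoke a hostname mismatch against `localhost`.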
@@ -543,3 +543,25 @@ r = http.request("GET", "%s/" % self.https_url) assert r.status == 200 + + +class TestHTTPSProxyVerification: + @onlyPy3 + def test_https_proxy_hostname_verification(self, no_localhost_san_server): + bad_server = no_localhost_san_server + bad_proxy_url = "https://%s:%s" % (bad_server.host, bad_server.port) + + # An exception will be raised before we contact the destination domain. + test_url = "testing.com" + with proxy_from_url(bad_proxy_url, ca_certs=bad_server.ca_certs) as https: + with pytest.raises(MaxRetryError) as e: + https.request("GET", "http://%s/" % test_url) + assert isinstance(e.value.reason, SSLError) + assert "hostname 'localhost' doesn't match" in str(e.value.reason) + + with pytest.raises(MaxRetryError) as e: + https.request("GET", "https://%s/" % test_url) + assert isinstance(e.value.reason, SSLError) + assert "hostname 'localhost' doesn't match" in str( + e.value.reason + ) or "Hostname mismatch" in str(e.value.reason)
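Review bot: The two blocks in `test_https_proxy_hostname_verification` assert different error texts and nothing says why: the `http://` request accepts only `hostname 'localhost' doesn't match`, while the `https://` request also accepts `Hostname mismatch`. Presumably the first path is checked by urllib3's own matcher and the second by the `ssl` module now that `check_hostname` is on, whose wording depends on the interpreter. A comment such as `# the tunnelled request is verified by the ssl module, whose message differs between Python versions` would keep a later reader from collapsing the asymmetry. Matching on message text is brittle, so the `isinstance(e.value.reason, SSLError)` check is the one that carries the guarantee. `test_url = "testing.com"` is a registrable name; a reserved one such as `example.invalid` would ensure that a regression in the check cannot turn into a request for a real domain.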