Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-urllib3 for openSUSE:Factory checked in at 2024-10-03 18:00:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-urllib3 (Old) and /work/SRC/openSUSE:Factory/.python-urllib3.new.19354 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-urllib3" Thu Oct 3 18:00:38 2024 rev:68 rq:1205339 version:2.2.3 Changes: -------- --- /work/SRC/openSUSE:Factory/python-urllib3/python-urllib3.changes 2024-06-18 22:50:49.788502503 +0200 +++ /work/SRC/openSUSE:Factory/.python-urllib3.new.19354/python-urllib3.changes 2024-10-03 18:00:51.163367944 +0200 @@ -1,0 +2,56 @@ +Thu Oct 3 05:10:09 UTC 2024 - Steve Kowalik <[email protected]> + +- Update to 2.2.3: + * Features + + Added support for Python 3.13. + * Bugfixes + + Fixed the default encoding of chunked request bodies to be UTF-8 + instead of ISO-8859-1. All other methods of supplying a request body + already use UTF-8 starting in urllib3 v2.0. + + Fixed ResourceWarning on CONNECT with Python < 3.11.4 by backporting + python/cpython#103472. + + Fixed a crash where certain standard library hash functions were absent + in restricted environments. + + Added the Proxy-Authorization header to the list of headers to strip + from requests when redirecting to a different host. As before, + different headers can be set via Retry.remove_headers_on_redirect. + + Allowed passing negative integers as amt to read methods of + http.client.HTTPResponse as an alternative to None. + + Fixed issue where InsecureRequestWarning was emitted for HTTPS + connections when using Emscripten. + + Fixed HTTPConnectionPool.urlopen to stop automatically casting + non-proxy headers to HTTPHeaderDict. This change was premature as it + did not apply to proxy headers and HTTPHeaderDict does not handle byte + header values correctly yet. + + Changed InvalidChunkLength to ProtocolError when response terminates + before the chunk length is sent. + + Changed ProtocolError to be more verbose on incomplete reads with + excess content. + + Added support for HTTPResponse.read1() method. + + Fixed issue where requests against urls with trailing dots were + failing due to SSL errors when using proxy. + + Fixed HTTPConnection.proxy_is_verified and + HTTPSConnection.proxy_is_verified to be always set to a boolean after + connecting to a proxy. It could be None in some cases previously. + + Fixed an issue where headers passed in a request with json= would be + mutated + + Fixed HTTPSConnection.is_verified to be set to False when connecting + from a HTTPS proxy to an HTTP target. It was set to True previously. + + Fixed handling of new error message from OpenSSL 3.2.0 when configuring + an HTTP proxy as HTTPS + + Fixed TLS 1.3 post-handshake auth when the server certificate + validation is disabled + * HTTP/2 (experimental) + + Excluded Transfer-Encoding: chunked from HTTP/2 request body + + Added a probing mechanism for determining whether a given target + origin supports HTTP/2 via ALPN. + + Add support for sending a request body with HTTP/2 + * Removals + + Drop support for end-of-life PyPy3.8 and PyPy3.9. +- Drop patches, they are now included upstream: + * CVE-2024-37891.patch + * openssl-3.2.patch +- Included patched hypercorn, which is only unpacked and used for the test + suite. + +------------------------------------------------------------------- Old: ---- CVE-2024-37891.patch openssl-3.2.patch urllib3-2.1.0.tar.gz New: ---- hypercorn-d1719f8c1570cbd8e6a3719ffdb14a4d72880abb.tar.gz urllib3-2.2.3.tar.gz BETA DEBUG BEGIN: Old:- Drop patches, they are now included upstream: * CVE-2024-37891.patch * openssl-3.2.patch Old: * CVE-2024-37891.patch * openssl-3.2.patch - Included patched hypercorn, which is only unpacked and used for the test BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-urllib3.spec ++++++ --- /var/tmp/diff_new_pack.yFxZeI/_old 2024-10-03 18:00:51.667388928 +0200 +++ /var/tmp/diff_new_pack.yFxZeI/_new 2024-10-03 18:00:51.671389095 +0200 @@ -18,6 +18,8 @@ %global flavor @BUILD_FLAVOR@%{nil} %if "%{flavor}" == "test" +# No Quart for Python 3.10 +%define skip_python310 1 %define psuffix -test %bcond_without test %else @@ -26,42 +28,45 @@ %endif %{?sle15_python_module_pythons} Name: python-urllib3%{psuffix} -Version: 2.1.0 +Version: 2.2.3 Release: 0 Summary: HTTP library with thread-safe connection pooling, file post, and more License: MIT URL: https://urllib3.readthedocs.org/ Source: https://files.pythonhosted.org/packages/source/u/urllib3/urllib3-%{version}.tar.gz -# PATCH-FIX-OPENSUSE openssl-3.2.patch gh#urllib3/urllib3#3271 -Patch1: openssl-3.2.patch -# PATCH-FIX-UPSTREAM https://github.com/urllib3/urllib3/commit/accff72ecc2f6cf5a76d9570198a93ac7c90270e Strip Proxy-Authorization header on redirects -Patch2: CVE-2024-37891.patch -BuildRequires: %{python_module base >= 3.7} +# https://github.com/urllib3/urllib3/issues/3334 +%define hypercorn_commit d1719f8c1570cbd8e6a3719ffdb14a4d72880abb +Source1: https://github.com/urllib3/hypercorn/archive/%{hypercorn_commit}/hypercorn-%{hypercorn_commit}.tar.gz +BuildRequires: %{python_module base >= 3.8} +BuildRequires: %{python_module hatch-vcs} BuildRequires: %{python_module hatchling} BuildRequires: %{python_module pip} BuildRequires: fdupes BuildRequires: python-rpm-macros #!BuildIgnore: python-requests Requires: ca-certificates-mozilla -Requires: python-certifi -Requires: python-cryptography >= 1.9 -Requires: python-idna >= 3.4 -Requires: python-pyOpenSSL >= 23.2.0 Recommends: python-Brotli >= 1.0.9 Recommends: python-PySocks >= 1.7.1 +Recommends: python-h2 >= 4 +Recommends: python-zstandard >= 0.18 BuildArch: noarch %if %{with test} BuildRequires: %{python_module Brotli >= 1.0.9} BuildRequires: %{python_module PySocks >= 1.7.1} -BuildRequires: %{python_module certifi} -BuildRequires: %{python_module cryptography >= 1.9} +BuildRequires: %{python_module Quart >= 0.19} +BuildRequires: %{python_module cryptography >= 43} BuildRequires: %{python_module flaky} -BuildRequires: %{python_module idna >= 3.4} +BuildRequires: %{python_module h2 >= 4.1} +BuildRequires: %{python_module httpx >= 0.25} +BuildRequires: %{python_module idna >= 3.7} BuildRequires: %{python_module psutil} +BuildRequires: %{python_module pyOpenSSL >= 24.2} BuildRequires: %{python_module pytest >= 7.4.0} +BuildRequires: %{python_module pytest-socket >= 0.7} BuildRequires: %{python_module pytest-timeout >= 2.1.0} BuildRequires: %{python_module pytest-xdist} -BuildRequires: %{python_module tornado >= 6.2} +BuildRequires: %{python_module quart-trio >= 0.11} +BuildRequires: %{python_module trio >= 0.26} BuildRequires: %{python_module trustme >= 0.9.0} BuildRequires: %{python_module urllib3 >= %{version}} BuildRequires: timezone @@ -88,6 +93,11 @@ %prep %autosetup -p1 -n urllib3-%{version} +# https://github.com/urllib3/urllib3/issues/3334 +%if %{with test} +mkdir ../patched-hypercorn +tar -C ../patched-hypercorn -zxf %{SOURCE1} +%endif find . -type f -exec chmod a-x '{}' \; find . -name __pycache__ -type d -exec rm -fr {} + @@ -104,6 +114,8 @@ %if %{with test} %check +# https://github.com/urllib3/urllib3/issues/3334 +export PYTHONPATH="$PWD/../patched-hypercorn/hypercorn-%{hypercorn_commit}/src" # gh#urllib3/urllib3#2109 export CI="true" # skip some randomly failing tests (mostly on i586, but sometimes they fail on other architectures) @@ -116,6 +128,8 @@ skiplist+=" or test_requesting_large_resources_via_ssl" # Try to access external evil.com skiplist+=" or test_deprecated_no_scheme" +# weird threading issues on OBS runners +skiplist+=" or test_http2_probe_blocked_per_thread" %pytest %{?jobs:-n %jobs} -k "not (${skiplist})" --ignore test/with_dummyserver/test_socketlevel.py %endif @@ -124,6 +138,6 @@ %license LICENSE.txt %doc CHANGES.rst README.md %{python_sitelib}/urllib3 -%{python_sitelib}/urllib3-%{version}*-info +%{python_sitelib}/urllib3-%{version}.dist-info %endif ++++++ urllib3-2.1.0.tar.gz -> urllib3-2.2.3.tar.gz ++++++ ++++ 10989 lines of diff (skipped)
