Hello community,

here is the log from the commit of package python3-urllib3 for openSUSE:Factory 
checked in at 2016-11-17 12:23:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python3-urllib3 (Old)
 and      /work/SRC/openSUSE:Factory/.python3-urllib3.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python3-urllib3"

Changes:
--------
--- /work/SRC/openSUSE:Factory/python3-urllib3/python3-urllib3.changes  
2016-07-01 09:51:56.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.python3-urllib3.new/python3-urllib3.changes     
2016-11-17 12:23:23.000000000 +0100
@@ -1,0 +2,68 @@
+Thu Oct 27 16:13:50 UTC 2016 - a...@gmx.de
+
+- update urllib3-ssl-default-context.patch
+
+- update to version 1.18.1:
+  * CVE-2016-9015. Users who are using urllib3 version 1.17 or 1.18 along with
+    PyOpenSSL injection and OpenSSL 1.1.0 *must* upgrade to this version. This
+    release fixes a vulnerability whereby urllib3 in the above configuration
+    would silently fail to validate TLS certificates due to erroneously setting
+    invalid flags in OpenSSL's ``SSL_CTX_set_verify`` function. These erroneous
+    flags do not cause a problem in OpenSSL versions before 1.1.0, which
+    interprets the presence of any flag as requesting certificate validation.
+
+    There is no PR for this patch, as it was prepared for simultaneous 
disclosure
+    and release. There will be a PR for the equivalent fix in the master 
branch.
+
+-------------------------------------------------------------------
+Mon Sep 26 15:39:25 UTC 2016 - a...@gmx.de
+
+- update to version 1.18:
+  * Fixed incorrect message for IncompleteRead exception. (PR #973)
+  * Accept "iPAddress" subject alternative name fields in TLS
+    certificates.  (Issue #258)
+  * Fixed consistency of "HTTPResponse.closed" between Python 2 and 3.
+    (Issue #977)
+  * Fixed handling of wildcard certificates when using
+    PyOpenSSL. (Issue #979)
+
+-------------------------------------------------------------------
+Sat Sep 10 14:09:40 UTC 2016 - a...@gmx.de
+
+- specfile:
+  * update line numbers in urllib3-test-ssl-drop-sslv3.patch
+
+- update to version 1.17:
+  * Accept "SSLContext" objects for use in SSL/TLS negotiation. (Issue
+    #835)
+  * ConnectionPool debug log now includes scheme, host, and
+    port. (Issue #897)
+  * Substantially refactored documentation. (Issue #887)
+  * Used URLFetch default timeout on AppEngine, rather than hardcoding
+    our own.  (Issue #858)
+  * Normalize the scheme and host in the URL parser (Issue #833)
+  * "HTTPResponse" contains the last "Retry" object, which now also
+    contains retries history. (Issue #848)
+  * Timeout can no longer be set as boolean, and must be greater than
+    zero.  (PR #924)
+  * Removed pyasn1 and ndg-httpsclient from dependencies used for
+    PyOpenSSL. We now use cryptography and idna, both of which are
+    already dependencies of PyOpenSSL. (PR #930)
+  * Fixed infinite loop in "stream" when amt=None. (Issue #928)
+  * Try to use the operating system's certificates when we are using
+    an "SSLContext". (PR #941)
+  * Updated cipher suite list to allow ChaCha20+Poly1305. AES-GCM is
+    preferred to ChaCha20, but ChaCha20 is then preferred to
+    everything else. (PR #947)
+  * Updated cipher suite list to remove 3DES-based cipher suites. (PR
+    #958)
+  * Removed the cipher suite fallback to allow HIGH ciphers. (PR #958)
+  * Implemented "length_remaining" to determine remaining content to
+    be read. (PR #949)
+  * Implemented "enforce_content_length" to enable exceptions when
+    incomplete data chunks are received. (PR #949)
+  * Dropped connection start, dropped connection reset, redirect,
+    forced retry, and new HTTPS connection log levels to DEBUG, from
+    INFO. (PR #967)
+
+-------------------------------------------------------------------
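Review bot: The 1.18.1 entry at the top of this hunk copies the upstream CVE-2016-9015 text saying users of 1.17 or 1.18 "*must* upgrade", but the Old tarball listed for this submission is urllib3-1.16.tar.gz, which is outside that range. Suggest adding one line saying whether the version previously in Factory was exposed. The entry also carries no bug tracker reference next to the CVE id, and "- update urllib3-ssl-default-context.patch" does not say what changed. The patch diff shows a rebase from line 299 to line 317, so the entry could say "rebase" and add the bug reference.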

Old:
----
  urllib3-1.16.tar.gz

New:
----
  urllib3-1.18.1.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python3-urllib3.spec ++++++
--- /var/tmp/diff_new_pack.nC4GIh/_old  2016-11-17 12:23:24.000000000 +0100
+++ /var/tmp/diff_new_pack.nC4GIh/_new  2016-11-17 12:23:24.000000000 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           python3-urllib3
-Version:        1.16
+Version:        1.18.1
 Release:        0
 Summary:        HTTP library with thread-safe connection pooling, file post, 
and more
 License:        MIT
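Review bot: Missing dependency check alongside the Version bump from 1.16 to 1.18.1. The 1.17 changelog entry says pyasn1 and ndg-httpsclient were removed from the dependencies used for PyOpenSSL in favour of cryptography and idna, yet neither hunk of this spec diff touches a Requires or Recommends line. Please confirm the spec does not still reference the old pair, and that the new pair is covered if the PyOpenSSL path is meant to be supported.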
@@ -27,6 +27,7 @@
 # PATCH-FIX-OPENSUSE speili...@suse.com -- We need no coverage report
 Patch1:         urllib3-test-no-coverage.patch
 # PATCH-FEATURE-UPSTREAM -- use set_default_verify_paths() if no certificate 
path is supplied
+# should be removed in the future, see SR#437853
 Patch2:         urllib3-ssl-default-context.patch
 # PATCH-FIX-OPENSUSE -- do not use unsupported SSLv3 in tests
 Patch3:         urllib3-test-ssl-drop-sslv3.patch
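Review bot: The added comment "# should be removed in the future, see SR#437853" gives no condition for removal, and it sits between the PATCH-FEATURE-UPSTREAM tag line and Patch2. Suggest stating the trigger in the comment itself (the upstream change or version that makes the patch unnecessary), so the next maintainer does not have to open the SR to learn it. Also consider whether the PATCH-FEATURE-UPSTREAM tag still fits a patch that is scheduled for removal.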

++++++ urllib3-1.16.tar.gz -> urllib3-1.18.1.tar.gz ++++++
++++ 5795 lines of diff (skipped)

++++++ urllib3-ssl-default-context.patch ++++++
--- /var/tmp/diff_new_pack.nC4GIh/_old  2016-11-17 12:23:24.000000000 +0100
+++ /var/tmp/diff_new_pack.nC4GIh/_new  2016-11-17 12:23:24.000000000 +0100
@@ -2,10 +2,10 @@
 ===================================================================
 --- a/urllib3/util/ssl_.py
 +++ b/urllib3/util/ssl_.py
-@@ -299,6 +299,8 @@ def ssl_wrap_socket(sock, keyfile=None,
-             if e.errno == errno.ENOENT:
-                 raise SSLError(e)
-             raise
+@@ -317,6 +317,8 @@ def ssl_wrap_socket(sock, keyfile=None,
+     elif getattr(context, 'load_default_certs', None) is not None:
+         # try to load OS default certs; works well on Windows (require 
Python3.4+)
+         context.load_default_certs()
 +    elif cert_reqs != ssl.CERT_NONE and hasattr(context, 
'set_default_verify_paths'):
 +        context.set_default_verify_paths()
  
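Review bot: After the rebase, the added branch "elif cert_reqs != ssl.CERT_NONE and hasattr(context, 'set_default_verify_paths')" follows the upstream "elif getattr(context, 'load_default_certs', None) is not None" case, so context.set_default_verify_paths() now runs only for context objects that lack load_default_certs. Please note in the patch header which context implementations still reach this branch. If none do, the patch can be dropped instead of carried forward, which would also resolve the removal comment added in the spec.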

++++++ urllib3-test-ssl-drop-sslv3.patch ++++++
--- /var/tmp/diff_new_pack.nC4GIh/_old  2016-11-17 12:23:24.000000000 +0100
+++ /var/tmp/diff_new_pack.nC4GIh/_new  2016-11-17 12:23:24.000000000 +0100
@@ -2,7 +2,7 @@
 ===================================================================
 --- a/test/with_dummyserver/test_https.py
 +++ b/test/with_dummyserver/test_https.py
-@@ -425,21 +425,21 @@ class TestHTTPS(HTTPSDummyServerTestCase
+@@ -464,21 +464,21 @@ class TestHTTPS(HTTPSDummyServerTestCase
  
  class TestHTTPS_TLSv1(HTTPSDummyServerTestCase):
      certs = DEFAULT_CERTS.copy()

