Hello community, here is the log from the commit of package python-requests for openSUSE:Factory checked in at 2018-11-28 11:09:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-requests (Old) and /work/SRC/openSUSE:Factory/.python-requests.new.19453 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-requests" Wed Nov 28 11:09:39 2018 rev:53 rq:651559 version:2.20.1 Changes: -------- --- /work/SRC/openSUSE:Factory/python-requests/python-requests.changes 2018-11-12 09:50:40.324352168 +0100 +++ /work/SRC/openSUSE:Factory/.python-requests.new.19453/python-requests.changes 2018-11-28 11:09:44.935204209 +0100 @@ -1,0 +2,8 @@ +Fri Nov 23 21:34:10 UTC 2018 - Arun Persaud <a...@gmx.de> + +- update to version 2.20.1: + * Bugfixes + + Fixed bug with unintended Authorization header stripping for + redirects using default ports (http/80, https/443). + +------------------------------------------------------------------- Old: ---- requests-2.20.0.tar.gz New: ---- requests-2.20.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-requests.spec ++++++ --- /var/tmp/diff_new_pack.CyWk0w/_old 2018-11-28 11:09:48.699199091 +0100 +++ /var/tmp/diff_new_pack.CyWk0w/_new 2018-11-28 11:09:48.703199085 +0100 @@ -22,12 +22,7 @@ %define test 1 %endif %{?!python_module:%define python_module() python-%{**} python3-%{**}} -%if %{test} -Name: python-requests-%{flavor} -%else -Name: python-requests -%endif -Version: 2.20.0 +Version: 2.20.1 Release: 0 Summary: Python HTTP Library License: Apache-2.0 @@ -56,6 +51,11 @@ Recommends: python-pyOpenSSL >= 0.14 BuildArch: noarch %if %{test} +Name: python-requests-%{flavor} +%else +Name: python-requests +%endif +%if %{test} BuildRequires: %{python_module PySocks >= 1.5.6} BuildRequires: %{python_module chardet >= 3.0.2} BuildRequires: %{python_module idna < 2.8} ++++++ requests-2.20.0.tar.gz -> requests-2.20.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/requests-2.20.0/HISTORY.md new/requests-2.20.1/HISTORY.md --- old/requests-2.20.0/HISTORY.md 2018-10-18 17:41:45.000000000 +0200 +++ new/requests-2.20.1/HISTORY.md 2018-11-08 18:13:19.000000000 +0100 @@ -8,6 +8,14 @@ - \[Short description of non-trivial change.\] +2.20.1 (2018-11-08) +------------------- + +**Bugfixes** + +- Fixed bug with unintended Authorization header stripping for + redirects using default ports (http/80, https/443). + 2.20.0 (2018-10-18) ------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/requests-2.20.0/PKG-INFO new/requests-2.20.1/PKG-INFO --- old/requests-2.20.0/PKG-INFO 2018-10-18 17:45:26.000000000 +0200 +++ new/requests-2.20.1/PKG-INFO 2018-11-08 18:19:45.000000000 +0100 @@ -1,12 +1,11 @@ -Metadata-Version: 1.2 +Metadata-Version: 2.1 Name: requests -Version: 2.20.0 +Version: 2.20.1 Summary: Python HTTP for Humans. Home-page: http://python-requests.org Author: Kenneth Reitz Author-email: m...@kennethreitz.org License: Apache 2.0 -Description-Content-Type: text/markdown Description: Requests: HTTP for Humans™ ========================== @@ -131,3 +130,6 @@ Classifier: Programming Language :: Python :: Implementation :: CPython Classifier: Programming Language :: Python :: Implementation :: PyPy Requires-Python: >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.* +Description-Content-Type: text/markdown +Provides-Extra: security +Provides-Extra: socks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/requests-2.20.0/requests/__version__.py new/requests-2.20.1/requests/__version__.py --- old/requests-2.20.0/requests/__version__.py 2018-10-18 17:41:45.000000000 +0200 +++ new/requests-2.20.1/requests/__version__.py 2018-11-08 18:13:37.000000000 +0100 @@ -5,8 +5,8 @@ __title__ = 'requests' __description__ = 'Python HTTP for Humans.' __url__ = 'http://python-requests.org' -__version__ = '2.20.0' -__build__ = 0x022000 +__version__ = '2.20.1' +__build__ = 0x022001 __author__ = 'Kenneth Reitz' __author_email__ = 'm...@kennethreitz.org' __license__ = 'Apache 2.0' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/requests-2.20.0/requests/sessions.py new/requests-2.20.1/requests/sessions.py --- old/requests-2.20.0/requests/sessions.py 2018-10-18 17:41:46.000000000 +0200 +++ new/requests-2.20.1/requests/sessions.py 2018-11-08 18:09:42.000000000 +0100 @@ -19,7 +19,7 @@ from .models import Request, PreparedRequest, DEFAULT_REDIRECT_LIMIT from .hooks import default_hooks, dispatch_hook from ._internal_utils import to_native_string -from .utils import to_key_val_list, default_headers +from .utils import to_key_val_list, default_headers, DEFAULT_PORTS from .exceptions import ( TooManyRedirects, InvalidSchema, ChunkedEncodingError, ContentDecodingError) @@ -128,8 +128,17 @@ if (old_parsed.scheme == 'http' and old_parsed.port in (80, None) and new_parsed.scheme == 'https' and new_parsed.port in (443, None)): return False + + # Handle default port usage corresponding to scheme. + changed_port = old_parsed.port != new_parsed.port + changed_scheme = old_parsed.scheme != new_parsed.scheme + default_port = (DEFAULT_PORTS.get(old_parsed.scheme, None), None) + if (not changed_scheme and old_parsed.port in default_port + and new_parsed.port in default_port): + return False + # Standard case: root URI must match - return old_parsed.port != new_parsed.port or old_parsed.scheme != new_parsed.scheme + return changed_port or changed_scheme def resolve_redirects(self, resp, req, stream=False, timeout=None, verify=True, cert=None, proxies=None, yield_requests=False, **adapter_kwargs): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/requests-2.20.0/requests/utils.py new/requests-2.20.1/requests/utils.py --- old/requests-2.20.0/requests/utils.py 2018-10-18 17:41:46.000000000 +0200 +++ new/requests-2.20.1/requests/utils.py 2018-11-08 18:09:42.000000000 +0100 @@ -38,6 +38,8 @@ DEFAULT_CA_BUNDLE_PATH = certs.where() +DEFAULT_PORTS = {'http': 80, 'https': 443} + if sys.platform == 'win32': # provide a proxy_bypass version on Windows without DNS lookups @@ -264,7 +266,7 @@ >>> from_key_val_list([('key', 'val')]) OrderedDict([('key', 'val')]) >>> from_key_val_list('string') - ValueError: need more than 1 value to unpack + ValueError: cannot encode objects that are not 2-tuples >>> from_key_val_list({'key': 'val'}) OrderedDict([('key', 'val')]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/requests-2.20.0/requests.egg-info/PKG-INFO new/requests-2.20.1/requests.egg-info/PKG-INFO --- old/requests-2.20.0/requests.egg-info/PKG-INFO 2018-10-18 17:45:25.000000000 +0200 +++ new/requests-2.20.1/requests.egg-info/PKG-INFO 2018-11-08 18:19:45.000000000 +0100 @@ -1,12 +1,11 @@ -Metadata-Version: 1.2 +Metadata-Version: 2.1 Name: requests -Version: 2.20.0 +Version: 2.20.1 Summary: Python HTTP for Humans. Home-page: http://python-requests.org Author: Kenneth Reitz Author-email: m...@kennethreitz.org License: Apache 2.0 -Description-Content-Type: text/markdown Description: Requests: HTTP for Humans™ ========================== @@ -131,3 +130,6 @@ Classifier: Programming Language :: Python :: Implementation :: CPython Classifier: Programming Language :: Python :: Implementation :: PyPy Requires-Python: >=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.* +Description-Content-Type: text/markdown +Provides-Extra: security +Provides-Extra: socks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/requests-2.20.0/tests/test_requests.py new/requests-2.20.1/tests/test_requests.py --- old/requests-2.20.0/tests/test_requests.py 2018-10-18 17:41:46.000000000 +0200 +++ new/requests-2.20.1/tests/test_requests.py 2018-11-08 18:09:42.000000000 +0100 @@ -1611,6 +1611,17 @@ s = requests.Session() assert s.should_strip_auth('http://example.com:1234/foo', 'https://example.com:4321/bar') + @pytest.mark.parametrize( + 'old_uri, new_uri', ( + ('https://example.com:443/foo', 'https://example.com/bar'), + ('http://example.com:80/foo', 'http://example.com/bar'), + ('https://example.com/foo', 'https://example.com:443/bar'), + ('http://example.com/foo', 'http://example.com:80/bar') + )) + def test_should_strip_auth_default_port(self, old_uri, new_uri): + s = requests.Session() + assert not s.should_strip_auth(old_uri, new_uri) + def test_manual_redirect_with_partial_body_read(self, httpbin): s = requests.Session() r1 = s.get(httpbin('redirect/2'), allow_redirects=False, stream=True)