Hello community, here is the log from the commit of package python-requests for openSUSE:Factory checked in at 2015-04-21 10:53:57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-requests (Old) and /work/SRC/openSUSE:Factory/.python-requests.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-requests" Changes: -------- --- /work/SRC/openSUSE:Factory/python-requests/python-requests.changes 2015-02-25 02:18:36.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.python-requests.new/python-requests.changes 2015-04-21 10:53:58.000000000 +0200 @@ -1,0 +2,23 @@ +Mon Apr 20 12:25:21 UTC 2015 - mci...@suse.cz + +- Update to 2.6.0: + - Fix handling of cookies on redirect. Previously a cookie without a host + value set would use the hostname for the redirected URL exposing requests + users to session fixation attacks and potentially cookie stealing. This was + disclosed privately by Matthew Daley of `BugFuzz <https://bugfuzz.com>`_. + An CVE identifier has not yet been assigned for this. This affects all + versions of requests from v2.1.0 to v2.5.3 (inclusive on both ends). + - Fix error when requests is an ``install_requires`` dependency and ``python + setup.py test`` is run. (#2462) + - Fix error when urllib3 is unbundled and requests continues to use the + vendored import location. + - Include fixes to ``urllib3``'s header handling. + - Requests' handling of unvendored dependencies is now more restrictive. + - Support bytearrays when passed as parameters in the ``files`` argument. + (#2468) + - Avoid data duplication when creating a request with ``str``, ``bytes``, or + ``bytearray`` input to the ``files`` argument. + - Revert changes to our vendored certificate bundle. For more context see + (#2455, #2456, and http://bugs.python.org/issue23476) + +------------------------------------------------------------------- Old: ---- requests-2.5.2.tar.gz New: ---- requests-2.6.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-requests.spec ++++++ --- /var/tmp/diff_new_pack.whOA5X/_old 2015-04-21 10:53:58.000000000 +0200 +++ /var/tmp/diff_new_pack.whOA5X/_new 2015-04-21 10:53:58.000000000 +0200 @@ -17,7 +17,7 @@ Name: python-requests -Version: 2.5.2 +Version: 2.6.0 Release: 0 Url: http://python-requests.org Summary: Awesome Python HTTP Library That's Actually Usable ++++++ requests-2.5.2.tar.gz -> requests-2.6.0.tar.gz ++++++ ++++ 1890 lines of diff (skipped)