Hello community, here is the log from the commit of package python-requests for openSUSE:Factory checked in at 2016-03-17 16:35:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-requests (Old) and /work/SRC/openSUSE:Factory/.python-requests.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-requests" Changes: -------- --- /work/SRC/openSUSE:Factory/python-requests/python-requests.changes 2016-02-26 00:42:41.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.python-requests.new/python-requests.changes 2016-03-17 16:48:38.000000000 +0100 @@ -1,0 +2,10 @@ +Tue Mar 1 17:44:11 UTC 2016 - jmate...@suse.com + +- update no-default-cacert.patch to simply pass empty CA path +- urllib3-ssl-default-context.patch: patch bundled urllib3 to behave + correctly with regard to empty CA path passed +- change urllib3 fallback requirements to Recommends +- use ca-certificates in SLE as well +- recommend ca-certificates-mozilla to have a basic certificate set + +------------------------------------------------------------------- New: ---- urllib3-ssl-default-context.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-requests.spec ++++++ --- /var/tmp/diff_new_pack.s6sbsu/_old 2016-03-17 16:48:39.000000000 +0100 +++ /var/tmp/diff_new_pack.s6sbsu/_new 2016-03-17 16:48:39.000000000 +0100 @@ -29,19 +29,26 @@ Source: http://pypi.python.org/packages/source/r/requests/requests-%{version}.tar.gz # PATCH-FIX-OPENSUSE no-default-cacert.patch -- Completely ignore the internal CA bundle. Patch0: no-default-cacert.patch +# PATCH-FIX-UPSTREAM update urllib3 to do the proper passthrough to set_default_verify_paths +Patch1: urllib3-ssl-default-context.patch BuildRequires: python BuildRequires: python-devel BuildRequires: python-py BuildRequires: python-setuptools Requires: python -# Really needed? -#Requires: python-ndg-httpsclient -Requires: python-pyOpenSSL -Requires: python-pyasn1 -%if 0%{?suse_version} >= 1120 && !(0%{?suse_version} == 1315 && !0%{?is_opensuse}) +# requirements for pyopenssl fallback of bundled urllib3 +Recommends: python-ndg-httpsclient +Recommends: python-pyOpenSSL +Recommends: python-pyasn1 +%if 0%{?suse_version} <= 1200 +BuildRequires: openssl-certs +Requires: openssl-certs +%else BuildRequires: ca-certificates Requires: ca-certificates %endif +# for good measure, at least recommend an actual set of certificates +Recommends: ca-certificates-mozilla %if 0%{?suse_version} >= 1120 BuildArch: noarch %else @@ -73,10 +80,11 @@ %prep %setup -q -n requests-%{version} -%if 0%{?suse_version} >= 1120 && !(0%{?suse_version} == 1315 && !0%{?is_opensuse}) %patch0 -p1 +pushd requests/packages +%patch1 -p1 +popd rm -f requests/cacert.pem -%endif %build python setup.py build ++++++ no-default-cacert.patch ++++++ --- /var/tmp/diff_new_pack.s6sbsu/_old 2016-03-17 16:48:39.000000000 +0100 +++ /var/tmp/diff_new_pack.s6sbsu/_new 2016-03-17 16:48:39.000000000 +0100 @@ -1,22 +1,39 @@ ---- a/MANIFEST.in -+++ b/MANIFEST.in +Index: requests-2.9.1/MANIFEST.in +=================================================================== +--- requests-2.9.1.orig/MANIFEST.in ++++ requests-2.9.1/MANIFEST.in @@ -1 +1 @@ -include README.rst LICENSE NOTICE HISTORY.rst test_requests.py requirements.txt requests/cacert.pem +include README.rst LICENSE NOTICE HISTORY.rst test_requests.py requirements.txt ---- a/requests/adapters.py -+++ b/requests/adapters.py -@@ -182,9 +182,6 @@ class HTTPAdapter(BaseAdapter): - if not cert_loc: - cert_loc = DEFAULT_CA_BUNDLE_PATH +Index: requests-2.9.1/requests/adapters.py +=================================================================== +--- requests-2.9.1.orig/requests/adapters.py ++++ requests-2.9.1/requests/adapters.py +@@ -179,15 +179,13 @@ class HTTPAdapter(BaseAdapter): + if verify is not True: + cert_loc = verify - if not cert_loc: +- cert_loc = DEFAULT_CA_BUNDLE_PATH +- +- if not cert_loc: - raise Exception("Could not find a suitable SSL CA certificate bundle.") - conn.cert_reqs = 'CERT_REQUIRED' - if not os.path.isdir(cert_loc): ---- a/requests/certs.py -+++ b/requests/certs.py +- if not os.path.isdir(cert_loc): ++ if cert_loc is None: ++ # use default context ++ conn.ca_certs = None ++ conn.ca_cert_dir = None ++ elif not os.path.isdir(cert_loc): + conn.ca_certs = cert_loc + else: + conn.ca_cert_dir = cert_loc +Index: requests-2.9.1/requests/certs.py +=================================================================== +--- requests-2.9.1.orig/requests/certs.py ++++ requests-2.9.1/requests/certs.py @@ -18,8 +18,9 @@ try: except ImportError: def where(): ++++++ urllib3-ssl-default-context.patch ++++++ Index: b/urllib3/util/ssl_.py =================================================================== --- a/urllib3/util/ssl_.py +++ b/urllib3/util/ssl_.py @@ -299,6 +299,8 @@ def ssl_wrap_socket(sock, keyfile=None, if e.errno == errno.ENOENT: raise SSLError(e) raise + elif cert_reqs != ssl.CERT_NONE and hasattr(context, 'set_default_verify_paths'): + context.set_default_verify_paths() if certfile: context.load_cert_chain(certfile, keyfile)
