From bfdec437376b65cc03626f27bf850b47d65c24d9 Mon Sep 17 00:00:00 2001
From: Daniele Tricoli <eriol@mornie.org>
Date: Mon, 16 Mar 2015 02:53:20 +0000
Subject: Revert my fix for #770172 since it is not an RC bug while I need to
 fix #780506

---
 ...-not-ascribe-cookies-to-the-target-domain.patch | 17 +++++++++++++++
 .../patches/05_do-not-make-SSLv3-mandatory.patch   | 25 ----------------------
 ...-not-ascribe-cookies-to-the-target-domain.patch | 17 ---------------
 debian/patches/series                              |  3 +--
 4 files changed, 18 insertions(+), 44 deletions(-)
 create mode 100644 debian/patches/05_do-not-ascribe-cookies-to-the-target-domain.patch
 delete mode 100644 debian/patches/05_do-not-make-SSLv3-mandatory.patch
 delete mode 100644 debian/patches/06_do-not-ascribe-cookies-to-the-target-domain.patch

(limited to 'debian/patches')

diff --git a/debian/patches/05_do-not-ascribe-cookies-to-the-target-domain.patch b/debian/patches/05_do-not-ascribe-cookies-to-the-target-domain.patch
new file mode 100644
index 0000000..3dd3bba
--- /dev/null
+++ b/debian/patches/05_do-not-ascribe-cookies-to-the-target-domain.patch
@@ -0,0 +1,17 @@
+Description: Session fixation and cookie stealing.
+ See http://www.openwall.com/lists/oss-security/2015/03/14/4 for a complete
+ description.
+Origin: https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
+Bug-Debian: https://bugs.debian.org/780506
+
+--- a/requests/sessions.py
++++ b/requests/sessions.py
+@@ -168,7 +168,7 @@
+             except KeyError:
+                 pass
+ 
+-            extract_cookies_to_jar(prepared_request._cookies, prepared_request, resp.raw)
++            extract_cookies_to_jar(prepared_request._cookies, req, resp.raw)
+             prepared_request._cookies.update(self.cookies)
+             prepared_request.prepare_cookies(prepared_request._cookies)
+ 
diff --git a/debian/patches/05_do-not-make-SSLv3-mandatory.patch b/debian/patches/05_do-not-make-SSLv3-mandatory.patch
deleted file mode 100644
index dbeef77..0000000
--- a/debian/patches/05_do-not-make-SSLv3-mandatory.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Description: Since SSL version 3 is insecure it is supported only if Python
- supports it. In Debian SSL version 3 is disabled in system Python since
- 2.7.8-12.
-Author: Daniele Tricoli <eriol@mornie.org>
-Forwarded: https://github.com/shazow/urllib3/issues/487#issuecomment-63805742
-Last/Update: 2014-11-20
-
---- a/requests/packages/urllib3/contrib/pyopenssl.py
-+++ b/requests/packages/urllib3/contrib/pyopenssl.py
-@@ -70,9 +70,14 @@
- # Map from urllib3 to PyOpenSSL compatible parameter-values.
- _openssl_versions = {
-     ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
--    ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
-     ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
- }
-+
-+try:
-+    _openssl_versions.update({ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD})
-+except AttributeError:
-+    pass
-+
- _openssl_verify = {
-     ssl.CERT_NONE: OpenSSL.SSL.VERIFY_NONE,
-     ssl.CERT_OPTIONAL: OpenSSL.SSL.VERIFY_PEER,
diff --git a/debian/patches/06_do-not-ascribe-cookies-to-the-target-domain.patch b/debian/patches/06_do-not-ascribe-cookies-to-the-target-domain.patch
deleted file mode 100644
index 3dd3bba..0000000
--- a/debian/patches/06_do-not-ascribe-cookies-to-the-target-domain.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Description: Session fixation and cookie stealing.
- See http://www.openwall.com/lists/oss-security/2015/03/14/4 for a complete
- description.
-Origin: https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
-Bug-Debian: https://bugs.debian.org/780506
-
---- a/requests/sessions.py
-+++ b/requests/sessions.py
-@@ -168,7 +168,7 @@
-             except KeyError:
-                 pass
- 
--            extract_cookies_to_jar(prepared_request._cookies, prepared_request, resp.raw)
-+            extract_cookies_to_jar(prepared_request._cookies, req, resp.raw)
-             prepared_request._cookies.update(self.cookies)
-             prepared_request.prepare_cookies(prepared_request._cookies)
- 
diff --git a/debian/patches/series b/debian/patches/series
index af44331..bcd27f4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,5 +2,4 @@
 02_use-system-chardet-and-urllib3.patch
 03_export-IncompleteRead.patch
 04_make-requests.packages.urllib3-same-as-urllib3.patch
-05_do-not-make-SSLv3-mandatory.patch
-06_do-not-ascribe-cookies-to-the-target-domain.patch
+05_do-not-ascribe-cookies-to-the-target-domain.patch
-- 
cgit v1.2.3