Imported Debian patch 1.9.1-3

5 files changed, 63 insertions, 57 deletions

diff --git a/debian/changelog b/debian/changelog
index c8ec7d8..2d8e46e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+python-urllib3 (1.9.1-3) unstable; urgency=medium
+
+  [ Stefano Rivera ]
+  * Replace 05_do-not-use-embedded-ssl-match-hostname.patch with
+    05_avoid-embedded-ssl-match-hostname.patch. Users may use virtualenv with
+    cPython << 2.7.9 (or Debian python2.7 2.7.8-7). (Closes: #755106, #763389)
+
+  [ Daniele Tricoli ]
+  * debian/patches/06_do-not-make-SSLv3-mandatory.patch
+    - Since SSL version 3 is insecure it is supported only if Python
+      supports it. (Closes: #770246)
+
+ -- Daniele Tricoli <eriol@mornie.org>  Thu, 20 Nov 2014 13:17:59 +0100
+
 python-urllib3 (1.9.1-2) unstable; urgency=medium
 
   * debian/control
diff --git a/debian/patches/05_avoid-embedded-ssl-match-hostname.patch b/debian/patches/05_avoid-embedded-ssl-match-hostname.patch
new file mode 100644
index 0000000..36d65e0
--- /dev/null
+++ b/debian/patches/05_avoid-embedded-ssl-match-hostname.patch
@@ -0,0 +1,22 @@
+Description: Do not use embedded copy of ssl.match_hostname, when possible
+ The system python has the necessary features backported, since 2.7.8-7 (and
+ 221a1f9155e2, releasing in 2.7.9, upstream). However, alternative python
+ implementations don't, yet, and urllib3 is used by pip in virtualenvs.
+Author: Stefano Rivera <stefanor@debian.org>
+Forwarded: not-needed
+Last-Update: 2014-11-18
+
+--- a/urllib3/packages/__init__.py
++++ b/urllib3/packages/__init__.py
+@@ -1,4 +1,9 @@
+ from __future__ import absolute_import
+ 
+-from . import ssl_match_hostname
+-
++try:
++    # cPython >= 2.7.9 has ssl features backported from Python3
++    from ssl import CertificateError
++    del CertificateError
++    import ssl as ssl_match_hostname
++except ImportError:
++    from . import ssl_match_hostname
diff --git a/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch b/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch
deleted file mode 100644
index b58f31d..0000000
--- a/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-Description: Do not use embedded copy of ssl.match_hostname.
-Author: Daniele Tricoli <eriol@mornie.org>
-Forwarded: not-needed
-Last-Update: 2014-09-23
-
---- a/test/test_connectionpool.py
-+++ b/test/test_connectionpool.py
-@@ -6,7 +6,7 @@
-     HTTPConnectionPool,
- )
- from urllib3.util.timeout import Timeout
--from urllib3.packages.ssl_match_hostname import CertificateError
-+from ssl import CertificateError
- from urllib3.exceptions import (
-     ClosedPoolError,
-     EmptyPoolError,
---- a/urllib3/connection.py
-+++ b/urllib3/connection.py
-@@ -39,7 +39,7 @@
-     ConnectTimeoutError,
-     SystemTimeWarning,
- )
--from .packages.ssl_match_hostname import match_hostname
-+from ssl import match_hostname
- 
- from .util.ssl_ import (
-     resolve_cert_reqs,
---- a/urllib3/connectionpool.py
-+++ b/urllib3/connectionpool.py
-@@ -26,7 +26,7 @@
-     TimeoutError,
-     InsecureRequestWarning,
- )
--from .packages.ssl_match_hostname import CertificateError
-+from ssl import CertificateError
- import six
- from .connection import (
-     port_by_scheme,
---- a/urllib3/packages/__init__.py
-+++ b/urllib3/packages/__init__.py
-@@ -1,4 +1,3 @@
- from __future__ import absolute_import
- 
--from . import ssl_match_hostname
- 
---- a/setup.py
-+++ b/setup.py
-@@ -42,7 +42,7 @@
-       url='http://urllib3.readthedocs.org/',
-       license='MIT',
-       packages=['urllib3',
--                'urllib3.packages', 'urllib3.packages.ssl_match_hostname',
-+                'urllib3.packages',
-                 'urllib3.contrib', 'urllib3.util',
-                 ],
-       requires=[],
diff --git a/debian/patches/06_do-not-make-SSLv3-mandatory.patch b/debian/patches/06_do-not-make-SSLv3-mandatory.patch
new file mode 100644
index 0000000..0ce3f4a
--- /dev/null
+++ b/debian/patches/06_do-not-make-SSLv3-mandatory.patch
@@ -0,0 +1,25 @@
+Description: Since SSL version 3 is insicure it is supported only if Python
+ supports it. In Debian SSL version 3 is disabled in system Python since
+ 2.7.8-12.
+Author: Daniele Tricoli <eriol@mornie.org>
+Forwarded: https://github.com/shazow/urllib3/issues/487#issuecomment-63805742
+Last/Update: 2014-11-20
+
+--- a/urllib3/contrib/pyopenssl.py
++++ b/urllib3/contrib/pyopenssl.py
+@@ -70,9 +70,14 @@
+ # Map from urllib3 to PyOpenSSL compatible parameter-values.
+ _openssl_versions = {
+     ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
+-    ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
+     ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
+ }
++
++try:
++    _openssl_versions.update({ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD})
++except AttributeError:
++    pass
++
+ _openssl_verify = {
+     ssl.CERT_NONE: OpenSSL.SSL.VERIFY_NONE,
+     ssl.CERT_OPTIONAL: OpenSSL.SSL.VERIFY_PEER,
diff --git a/debian/patches/series b/debian/patches/series
index cddf757..30602ad 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,4 +2,5 @@
 02_require-cert-verification.patch
 03_force_setuptools.patch
 04_relax_nosetests_options.patch
-05_do-not-use-embedded-ssl-match-hostname.patch
+05_avoid-embedded-ssl-match-hostname.patch
+06_do-not-make-SSLv3-mandatory.patch