diff options
| -rw-r--r-- | debian/changelog | 14 | ||||
| -rw-r--r-- | debian/patches/05_avoid-embedded-ssl-match-hostname.patch | 22 | ||||
| -rw-r--r-- | debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch | 56 | ||||
| -rw-r--r-- | debian/patches/06_do-not-make-SSLv3-mandatory.patch | 25 | ||||
| -rw-r--r-- | debian/patches/series | 3 |
5 files changed, 63 insertions, 57 deletions
diff --git a/debian/changelog b/debian/changelog index c8ec7d8..2d8e46e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,17 @@ +python-urllib3 (1.9.1-3) unstable; urgency=medium + + [ Stefano Rivera ] + * Replace 05_do-not-use-embedded-ssl-match-hostname.patch with + 05_avoid-embedded-ssl-match-hostname.patch. Users may use virtualenv with + cPython << 2.7.9 (or Debian python2.7 2.7.8-7). (Closes: #755106, #763389) + + [ Daniele Tricoli ] + * debian/patches/06_do-not-make-SSLv3-mandatory.patch + - Since SSL version 3 is insecure it is supported only if Python + supports it. (Closes: #770246) + + -- Daniele Tricoli <eriol@mornie.org> Thu, 20 Nov 2014 13:17:59 +0100 + python-urllib3 (1.9.1-2) unstable; urgency=medium * debian/control diff --git a/debian/patches/05_avoid-embedded-ssl-match-hostname.patch b/debian/patches/05_avoid-embedded-ssl-match-hostname.patch new file mode 100644 index 0000000..36d65e0 --- /dev/null +++ b/debian/patches/05_avoid-embedded-ssl-match-hostname.patch @@ -0,0 +1,22 @@ +Description: Do not use embedded copy of ssl.match_hostname, when possible + The system python has the necessary features backported, since 2.7.8-7 (and + 221a1f9155e2, releasing in 2.7.9, upstream). However, alternative python + implementations don't, yet, and urllib3 is used by pip in virtualenvs. +Author: Stefano Rivera <stefanor@debian.org> +Forwarded: not-needed +Last-Update: 2014-11-18 + +--- a/urllib3/packages/__init__.py ++++ b/urllib3/packages/__init__.py +@@ -1,4 +1,9 @@ + from __future__ import absolute_import + +-from . import ssl_match_hostname +- ++try: ++ # cPython >= 2.7.9 has ssl features backported from Python3 ++ from ssl import CertificateError ++ del CertificateError ++ import ssl as ssl_match_hostname ++except ImportError: ++ from . import ssl_match_hostname diff --git a/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch b/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch deleted file mode 100644 index b58f31d..0000000 --- a/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch +++ /dev/null @@ -1,56 +0,0 @@ -Description: Do not use embedded copy of ssl.match_hostname. -Author: Daniele Tricoli <eriol@mornie.org> -Forwarded: not-needed -Last-Update: 2014-09-23 - ---- a/test/test_connectionpool.py -+++ b/test/test_connectionpool.py -@@ -6,7 +6,7 @@ - HTTPConnectionPool, - ) - from urllib3.util.timeout import Timeout --from urllib3.packages.ssl_match_hostname import CertificateError -+from ssl import CertificateError - from urllib3.exceptions import ( - ClosedPoolError, - EmptyPoolError, ---- a/urllib3/connection.py -+++ b/urllib3/connection.py -@@ -39,7 +39,7 @@ - ConnectTimeoutError, - SystemTimeWarning, - ) --from .packages.ssl_match_hostname import match_hostname -+from ssl import match_hostname - - from .util.ssl_ import ( - resolve_cert_reqs, ---- a/urllib3/connectionpool.py -+++ b/urllib3/connectionpool.py -@@ -26,7 +26,7 @@ - TimeoutError, - InsecureRequestWarning, - ) --from .packages.ssl_match_hostname import CertificateError -+from ssl import CertificateError - import six - from .connection import ( - port_by_scheme, ---- a/urllib3/packages/__init__.py -+++ b/urllib3/packages/__init__.py -@@ -1,4 +1,3 @@ - from __future__ import absolute_import - --from . import ssl_match_hostname - ---- a/setup.py -+++ b/setup.py -@@ -42,7 +42,7 @@ - url='http://urllib3.readthedocs.org/', - license='MIT', - packages=['urllib3', -- 'urllib3.packages', 'urllib3.packages.ssl_match_hostname', -+ 'urllib3.packages', - 'urllib3.contrib', 'urllib3.util', - ], - requires=[], diff --git a/debian/patches/06_do-not-make-SSLv3-mandatory.patch b/debian/patches/06_do-not-make-SSLv3-mandatory.patch new file mode 100644 index 0000000..0ce3f4a --- /dev/null +++ b/debian/patches/06_do-not-make-SSLv3-mandatory.patch @@ -0,0 +1,25 @@ +Description: Since SSL version 3 is insicure it is supported only if Python + supports it. In Debian SSL version 3 is disabled in system Python since + 2.7.8-12. +Author: Daniele Tricoli <eriol@mornie.org> +Forwarded: https://github.com/shazow/urllib3/issues/487#issuecomment-63805742 +Last/Update: 2014-11-20 + +--- a/urllib3/contrib/pyopenssl.py ++++ b/urllib3/contrib/pyopenssl.py +@@ -70,9 +70,14 @@ + # Map from urllib3 to PyOpenSSL compatible parameter-values. + _openssl_versions = { + ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD, +- ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD, + ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD, + } ++ ++try: ++ _openssl_versions.update({ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD}) ++except AttributeError: ++ pass ++ + _openssl_verify = { + ssl.CERT_NONE: OpenSSL.SSL.VERIFY_NONE, + ssl.CERT_OPTIONAL: OpenSSL.SSL.VERIFY_PEER, diff --git a/debian/patches/series b/debian/patches/series index cddf757..30602ad 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,4 +2,5 @@ 02_require-cert-verification.patch 03_force_setuptools.patch 04_relax_nosetests_options.patch -05_do-not-use-embedded-ssl-match-hostname.patch +05_avoid-embedded-ssl-match-hostname.patch +06_do-not-make-SSLv3-mandatory.patch |