aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/changelog14
-rw-r--r--debian/patches/05_avoid-embedded-ssl-match-hostname.patch22
-rw-r--r--debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch56
-rw-r--r--debian/patches/06_do-not-make-SSLv3-mandatory.patch25
-rw-r--r--debian/patches/series3
5 files changed, 63 insertions, 57 deletions
diff --git a/debian/changelog b/debian/changelog
index c8ec7d8..2d8e46e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+python-urllib3 (1.9.1-3) unstable; urgency=medium
+
+ [ Stefano Rivera ]
+ * Replace 05_do-not-use-embedded-ssl-match-hostname.patch with
+ 05_avoid-embedded-ssl-match-hostname.patch. Users may use virtualenv with
+ cPython << 2.7.9 (or Debian python2.7 2.7.8-7). (Closes: #755106, #763389)
+
+ [ Daniele Tricoli ]
+ * debian/patches/06_do-not-make-SSLv3-mandatory.patch
+ - Since SSL version 3 is insecure it is supported only if Python
+ supports it. (Closes: #770246)
+
+ -- Daniele Tricoli <eriol@mornie.org> Thu, 20 Nov 2014 13:17:59 +0100
+
python-urllib3 (1.9.1-2) unstable; urgency=medium
* debian/control
diff --git a/debian/patches/05_avoid-embedded-ssl-match-hostname.patch b/debian/patches/05_avoid-embedded-ssl-match-hostname.patch
new file mode 100644
index 0000000..36d65e0
--- /dev/null
+++ b/debian/patches/05_avoid-embedded-ssl-match-hostname.patch
@@ -0,0 +1,22 @@
+Description: Do not use embedded copy of ssl.match_hostname, when possible
+ The system python has the necessary features backported, since 2.7.8-7 (and
+ 221a1f9155e2, releasing in 2.7.9, upstream). However, alternative python
+ implementations don't, yet, and urllib3 is used by pip in virtualenvs.
+Author: Stefano Rivera <stefanor@debian.org>
+Forwarded: not-needed
+Last-Update: 2014-11-18
+
+--- a/urllib3/packages/__init__.py
++++ b/urllib3/packages/__init__.py
+@@ -1,4 +1,9 @@
+ from __future__ import absolute_import
+
+-from . import ssl_match_hostname
+-
++try:
++ # cPython >= 2.7.9 has ssl features backported from Python3
++ from ssl import CertificateError
++ del CertificateError
++ import ssl as ssl_match_hostname
++except ImportError:
++ from . import ssl_match_hostname
diff --git a/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch b/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch
deleted file mode 100644
index b58f31d..0000000
--- a/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-Description: Do not use embedded copy of ssl.match_hostname.
-Author: Daniele Tricoli <eriol@mornie.org>
-Forwarded: not-needed
-Last-Update: 2014-09-23
-
---- a/test/test_connectionpool.py
-+++ b/test/test_connectionpool.py
-@@ -6,7 +6,7 @@
- HTTPConnectionPool,
- )
- from urllib3.util.timeout import Timeout
--from urllib3.packages.ssl_match_hostname import CertificateError
-+from ssl import CertificateError
- from urllib3.exceptions import (
- ClosedPoolError,
- EmptyPoolError,
---- a/urllib3/connection.py
-+++ b/urllib3/connection.py
-@@ -39,7 +39,7 @@
- ConnectTimeoutError,
- SystemTimeWarning,
- )
--from .packages.ssl_match_hostname import match_hostname
-+from ssl import match_hostname
-
- from .util.ssl_ import (
- resolve_cert_reqs,
---- a/urllib3/connectionpool.py
-+++ b/urllib3/connectionpool.py
-@@ -26,7 +26,7 @@
- TimeoutError,
- InsecureRequestWarning,
- )
--from .packages.ssl_match_hostname import CertificateError
-+from ssl import CertificateError
- import six
- from .connection import (
- port_by_scheme,
---- a/urllib3/packages/__init__.py
-+++ b/urllib3/packages/__init__.py
-@@ -1,4 +1,3 @@
- from __future__ import absolute_import
-
--from . import ssl_match_hostname
-
---- a/setup.py
-+++ b/setup.py
-@@ -42,7 +42,7 @@
- url='http://urllib3.readthedocs.org/',
- license='MIT',
- packages=['urllib3',
-- 'urllib3.packages', 'urllib3.packages.ssl_match_hostname',
-+ 'urllib3.packages',
- 'urllib3.contrib', 'urllib3.util',
- ],
- requires=[],
diff --git a/debian/patches/06_do-not-make-SSLv3-mandatory.patch b/debian/patches/06_do-not-make-SSLv3-mandatory.patch
new file mode 100644
index 0000000..0ce3f4a
--- /dev/null
+++ b/debian/patches/06_do-not-make-SSLv3-mandatory.patch
@@ -0,0 +1,25 @@
+Description: Since SSL version 3 is insicure it is supported only if Python
+ supports it. In Debian SSL version 3 is disabled in system Python since
+ 2.7.8-12.
+Author: Daniele Tricoli <eriol@mornie.org>
+Forwarded: https://github.com/shazow/urllib3/issues/487#issuecomment-63805742
+Last/Update: 2014-11-20
+
+--- a/urllib3/contrib/pyopenssl.py
++++ b/urllib3/contrib/pyopenssl.py
+@@ -70,9 +70,14 @@
+ # Map from urllib3 to PyOpenSSL compatible parameter-values.
+ _openssl_versions = {
+ ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
+- ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
+ ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
+ }
++
++try:
++ _openssl_versions.update({ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD})
++except AttributeError:
++ pass
++
+ _openssl_verify = {
+ ssl.CERT_NONE: OpenSSL.SSL.VERIFY_NONE,
+ ssl.CERT_OPTIONAL: OpenSSL.SSL.VERIFY_PEER,
diff --git a/debian/patches/series b/debian/patches/series
index cddf757..30602ad 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,4 +2,5 @@
02_require-cert-verification.patch
03_force_setuptools.patch
04_relax_nosetests_options.patch
-05_do-not-use-embedded-ssl-match-hostname.patch
+05_avoid-embedded-ssl-match-hostname.patch
+06_do-not-make-SSLv3-mandatory.patch