From ef4ec8903f3642a36635cea16ca54a6ed98b5d54 Mon Sep 17 00:00:00 2001 From: Daniele Tricoli Date: Thu, 8 Oct 2015 13:19:46 -0700 Subject: Do not use embedded copy of python-six. Forwarded: not-needed Patch-Name: 01_do-not-use-embedded-python-six.patch --- dummyserver/handlers.py | 2 +- test/__init__.py | 2 +- test/contrib/test_pyopenssl.py | 2 +- test/test_collections.py | 2 +- test/test_fields.py | 2 +- test/test_filepost.py | 2 +- test/test_retry.py | 2 +- test/with_dummyserver/test_https.py | 2 +- urllib3/_collections.py | 2 +- urllib3/connection.py | 2 +- urllib3/connectionpool.py | 2 +- urllib3/fields.py | 2 +- urllib3/filepost.py | 4 ++-- urllib3/response.py | 4 ++-- urllib3/util/request.py | 2 +- urllib3/util/response.py | 3 ++- urllib3/util/retry.py | 2 +- 17 files changed, 20 insertions(+), 19 deletions(-) diff --git a/dummyserver/handlers.py b/dummyserver/handlers.py index fb6f44f..c5ac9b4 100644 --- a/dummyserver/handlers.py +++ b/dummyserver/handlers.py @@ -264,7 +264,7 @@ def _parse_header(line): """ import tornado.httputil import email.utils - from urllib3.packages import six + import six if not six.PY3: line = line.encode('utf-8') parts = tornado.httputil._parseparam(';' + line) diff --git a/test/__init__.py b/test/__init__.py index f7c4a7a..22d3616 100644 --- a/test/__init__.py +++ b/test/__init__.py @@ -8,7 +8,7 @@ import socket from nose.plugins.skip import SkipTest from urllib3.exceptions import MaxRetryError, HTTPWarning -from urllib3.packages import six +import six # We need a host that will not immediately close the connection with a TCP # Reset. SO suggests this hostname diff --git a/test/contrib/test_pyopenssl.py b/test/contrib/test_pyopenssl.py index 5d57527..f23ff19 100644 --- a/test/contrib/test_pyopenssl.py +++ b/test/contrib/test_pyopenssl.py @@ -1,5 +1,5 @@ from nose.plugins.skip import SkipTest -from urllib3.packages import six +import six if six.PY3: raise SkipTest('Testing of PyOpenSSL disabled on PY3') diff --git a/test/test_collections.py b/test/test_collections.py index 9d72939..78ef634 100644 --- a/test/test_collections.py +++ b/test/test_collections.py @@ -4,7 +4,7 @@ from urllib3._collections import ( HTTPHeaderDict, RecentlyUsedContainer as Container ) -from urllib3.packages import six +import six xrange = six.moves.xrange from nose.plugins.skip import SkipTest diff --git a/test/test_fields.py b/test/test_fields.py index cdec68b..66da148 100644 --- a/test/test_fields.py +++ b/test/test_fields.py @@ -1,7 +1,7 @@ import unittest from urllib3.fields import guess_content_type, RequestField -from urllib3.packages.six import u +from six import u class TestRequestField(unittest.TestCase): diff --git a/test/test_filepost.py b/test/test_filepost.py index 390dbb3..ecc6710 100644 --- a/test/test_filepost.py +++ b/test/test_filepost.py @@ -2,7 +2,7 @@ import unittest from urllib3.filepost import encode_multipart_formdata, iter_fields from urllib3.fields import RequestField -from urllib3.packages.six import b, u +from six import b, u BOUNDARY = '!! test boundary !!' diff --git a/test/test_retry.py b/test/test_retry.py index 421e508..8fcc287 100644 --- a/test/test_retry.py +++ b/test/test_retry.py @@ -1,7 +1,7 @@ import unittest from urllib3.response import HTTPResponse -from urllib3.packages.six.moves import xrange +from six.moves import xrange from urllib3.util.retry import Retry from urllib3.exceptions import ( ConnectTimeoutError, diff --git a/test/with_dummyserver/test_https.py b/test/with_dummyserver/test_https.py index 7319d7e..8c16d30 100644 --- a/test/with_dummyserver/test_https.py +++ b/test/with_dummyserver/test_https.py @@ -36,7 +36,7 @@ from urllib3.exceptions import ( SystemTimeWarning, InsecurePlatformWarning, ) -from urllib3.packages import six +import six from urllib3.util.timeout import Timeout from urllib3.util.ssl_ import HAS_SNI diff --git a/urllib3/_collections.py b/urllib3/_collections.py index 67f3ce9..b69ce20 100644 --- a/urllib3/_collections.py +++ b/urllib3/_collections.py @@ -15,7 +15,7 @@ try: # Python 2.7+ from collections import OrderedDict except ImportError: from .packages.ordered_dict import OrderedDict -from .packages.six import iterkeys, itervalues, PY3 +from six import iterkeys, itervalues, PY3 __all__ = ['RecentlyUsedContainer', 'HTTPHeaderDict'] diff --git a/urllib3/connection.py b/urllib3/connection.py index 1e4cd41..0075541 100644 --- a/urllib3/connection.py +++ b/urllib3/connection.py @@ -5,7 +5,7 @@ import sys import socket from socket import error as SocketError, timeout as SocketTimeout import warnings -from .packages import six +import six try: # Python 3 from http.client import HTTPConnection as _HTTPConnection diff --git a/urllib3/connectionpool.py b/urllib3/connectionpool.py index 995b416..2204b30 100644 --- a/urllib3/connectionpool.py +++ b/urllib3/connectionpool.py @@ -31,7 +31,7 @@ from .exceptions import ( NewConnectionError, ) from .packages.ssl_match_hostname import CertificateError -from .packages import six +import six from .connection import ( port_by_scheme, DummyConnection, diff --git a/urllib3/fields.py b/urllib3/fields.py index c7d4811..2152829 100644 --- a/urllib3/fields.py +++ b/urllib3/fields.py @@ -2,7 +2,7 @@ from __future__ import absolute_import import email.utils import mimetypes -from .packages import six +import six def guess_content_type(filename, default='application/octet-stream'): diff --git a/urllib3/filepost.py b/urllib3/filepost.py index 97a2843..2fea190 100644 --- a/urllib3/filepost.py +++ b/urllib3/filepost.py @@ -4,8 +4,8 @@ import codecs from uuid import uuid4 from io import BytesIO -from .packages import six -from .packages.six import b +import six +from six import b from .fields import RequestField writer = codecs.lookup('utf-8')[3] diff --git a/urllib3/response.py b/urllib3/response.py index 8f2a1b5..e034068 100644 --- a/urllib3/response.py +++ b/urllib3/response.py @@ -9,8 +9,8 @@ from ._collections import HTTPHeaderDict from .exceptions import ( ProtocolError, DecodeError, ReadTimeoutError, ResponseNotChunked ) -from .packages.six import string_types as basestring, binary_type, PY3 -from .packages.six.moves import http_client as httplib +from six import string_types as basestring, binary_type, PY3 +from six.moves import http_client as httplib from .connection import HTTPException, BaseSSLError from .util.response import is_fp_closed, is_response_to_head diff --git a/urllib3/util/request.py b/urllib3/util/request.py index 7377931..40bf0b4 100644 --- a/urllib3/util/request.py +++ b/urllib3/util/request.py @@ -1,7 +1,7 @@ from __future__ import absolute_import from base64 import b64encode -from ..packages.six import b +from six import b ACCEPT_ENCODING = 'gzip,deflate' diff --git a/urllib3/util/response.py b/urllib3/util/response.py index bc72327..efb9e04 100644 --- a/urllib3/util/response.py +++ b/urllib3/util/response.py @@ -1,5 +1,6 @@ from __future__ import absolute_import -from ..packages.six.moves import http_client as httplib + +from six.moves import http_client as httplib from ..exceptions import HeaderParsingError diff --git a/urllib3/util/retry.py b/urllib3/util/retry.py index 03a0124..fd1f5dd 100644 --- a/urllib3/util/retry.py +++ b/urllib3/util/retry.py @@ -9,7 +9,7 @@ from ..exceptions import ( ReadTimeoutError, ResponseError, ) -from ..packages import six +import six log = logging.getLogger(__name__) -- cgit v1.2.3 From 3bc2dc494dd62e4a86e625dd3b5cb14880d3d268 Mon Sep 17 00:00:00 2001 From: Jamie Strandboge Date: Thu, 8 Oct 2015 13:19:47 -0700 Subject: require SSL certificate validation by default by using CERT_REQUIRED and using the system /etc/ssl/certs/ca-certificates.crt Bug-Ubuntu: https://launchpad.net/bugs/1047054 Bug-Debian: http://bugs.debian.org/686872 Last-Update: 2014-09-01 Patch-Name: 02_require-cert-verification.patch --- urllib3/connectionpool.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/urllib3/connectionpool.py b/urllib3/connectionpool.py index 2204b30..ef60000 100644 --- a/urllib3/connectionpool.py +++ b/urllib3/connectionpool.py @@ -683,6 +683,8 @@ class HTTPSConnectionPool(HTTPConnectionPool): ``ca_cert_dir``, and ``ssl_version`` are only used if :mod:`ssl` is available and are fed into :meth:`urllib3.util.ssl_wrap_socket` to upgrade the connection socket into an SSL socket. + + On Debian, SSL certificate validation is required by default """ scheme = 'https' @@ -692,8 +694,8 @@ class HTTPSConnectionPool(HTTPConnectionPool): strict=False, timeout=Timeout.DEFAULT_TIMEOUT, maxsize=1, block=False, headers=None, retries=None, _proxy=None, _proxy_headers=None, - key_file=None, cert_file=None, cert_reqs=None, - ca_certs=None, ssl_version=None, + key_file=None, cert_file=None, cert_reqs='CERT_REQUIRED', + ca_certs='/etc/ssl/certs/ca-certificates.crt', ssl_version=None, assert_hostname=None, assert_fingerprint=None, ca_cert_dir=None, **conn_kw): -- cgit v1.2.3 From 8cbae66e2b04e31a7d8f96f646eb2a758234e46e Mon Sep 17 00:00:00 2001 From: Barry Warsaw Date: Thu, 8 Oct 2015 13:19:49 -0700 Subject: Use setuptools.setup() so that the bdist_wheel command will work. Last-Update: 2014-05-15 Patch-Name: 03_force_setuptools.patch --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 0a2dac3..02d5ec6 100644 --- a/setup.py +++ b/setup.py @@ -1,6 +1,6 @@ #!/usr/bin/env python -from distutils.core import setup +from setuptools import setup import os import re -- cgit v1.2.3 From bcaf5c8834b99ecd6f187d4f67c7e356c97d31ae Mon Sep 17 00:00:00 2001 From: Daniele Tricoli Date: Thu, 8 Oct 2015 13:19:50 -0700 Subject: Do not use logging-clear-handlers to see all logging output and disable cover-min-percentage since it require python-nose (>= 1.3): this way it will be easier to backport python-urllib3 to Wheezy. Forwarded: not-needed Last-Update: 2014-7-7 Patch-Name: 04_relax_nosetests_options.patch --- setup.cfg | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup.cfg b/setup.cfg index b5fe992..ca24a71 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,8 +1,8 @@ [nosetests] -logging-clear-handlers = true +# logging-clear-handlers = true with-coverage = true cover-package = urllib3 -cover-min-percentage = 100 +# cover-min-percentage = 100 cover-erase = true [flake8] -- cgit v1.2.3 From 01eb41ddb423818d06a60ab7e40aae9cb7dcb23e Mon Sep 17 00:00:00 2001 From: Stefano Rivera Date: Thu, 8 Oct 2015 13:19:51 -0700 Subject: Do not use embedded copy of ssl.match_hostname, when possible The system python has the necessary features backported, since 2.7.8-7 (and 221a1f9155e2, releasing in 2.7.9, upstream). However, alternative python implementations don't, yet, and urllib3 is used by pip in virtualenvs. Forwarded: not-needed Last-Update: 2014-11-18 Patch-Name: 05_avoid-embedded-ssl-match-hostname.patch --- urllib3/packages/__init__.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/urllib3/packages/__init__.py b/urllib3/packages/__init__.py index 170e974..35555ed 100644 --- a/urllib3/packages/__init__.py +++ b/urllib3/packages/__init__.py @@ -1,5 +1,11 @@ from __future__ import absolute_import -from . import ssl_match_hostname +try: + # cPython >= 2.7.9 has ssl features backported from Python3 + from ssl import CertificateError + del CertificateError + import ssl as ssl_match_hostname +except ImportError: + from . import ssl_match_hostname __all__ = ('ssl_match_hostname', ) -- cgit v1.2.3