From 874ffc18a181a397bf262463f7287f28eec633ba Mon Sep 17 00:00:00 2001 From: Stefano Rivera Date: Tue, 18 Nov 2014 21:25:59 +0000 Subject: * Team upload. * Replace 05_do-not-use-embedded-ssl-match-hostname.patch with 05_avoid-embedded-ssl-match-hostname.patch. Users may use virtualenv with cPython << 2.7.9 (or Debian python2.7 2.7.8-7). (Closes: 755106, 763389) --- debian/changelog | 9 ++++ .../05_avoid-embedded-ssl-match-hostname.patch | 22 +++++++++ ...05_do-not-use-embedded-ssl-match-hostname.patch | 56 ---------------------- debian/patches/series | 2 +- 4 files changed, 32 insertions(+), 57 deletions(-) create mode 100644 debian/patches/05_avoid-embedded-ssl-match-hostname.patch delete mode 100644 debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch diff --git a/debian/changelog b/debian/changelog index c8ec7d8..5436a6f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +python-urllib3 (1.9.1-3) UNRELEASED; urgency=medium + + * Team upload. + * Replace 05_do-not-use-embedded-ssl-match-hostname.patch with + 05_avoid-embedded-ssl-match-hostname.patch. Users may use virtualenv with + cPython << 2.7.9 (or Debian python2.7 2.7.8-7). (Closes: 755106, 763389) + + -- Stefano Rivera Tue, 18 Nov 2014 12:45:49 -0800 + python-urllib3 (1.9.1-2) unstable; urgency=medium * debian/control diff --git a/debian/patches/05_avoid-embedded-ssl-match-hostname.patch b/debian/patches/05_avoid-embedded-ssl-match-hostname.patch new file mode 100644 index 0000000..36d65e0 --- /dev/null +++ b/debian/patches/05_avoid-embedded-ssl-match-hostname.patch @@ -0,0 +1,22 @@ +Description: Do not use embedded copy of ssl.match_hostname, when possible + The system python has the necessary features backported, since 2.7.8-7 (and + 221a1f9155e2, releasing in 2.7.9, upstream). However, alternative python + implementations don't, yet, and urllib3 is used by pip in virtualenvs. +Author: Stefano Rivera +Forwarded: not-needed +Last-Update: 2014-11-18 + +--- a/urllib3/packages/__init__.py ++++ b/urllib3/packages/__init__.py +@@ -1,4 +1,9 @@ + from __future__ import absolute_import + +-from . import ssl_match_hostname +- ++try: ++ # cPython >= 2.7.9 has ssl features backported from Python3 ++ from ssl import CertificateError ++ del CertificateError ++ import ssl as ssl_match_hostname ++except ImportError: ++ from . import ssl_match_hostname diff --git a/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch b/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch deleted file mode 100644 index b58f31d..0000000 --- a/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch +++ /dev/null @@ -1,56 +0,0 @@ -Description: Do not use embedded copy of ssl.match_hostname. -Author: Daniele Tricoli -Forwarded: not-needed -Last-Update: 2014-09-23 - ---- a/test/test_connectionpool.py -+++ b/test/test_connectionpool.py -@@ -6,7 +6,7 @@ - HTTPConnectionPool, - ) - from urllib3.util.timeout import Timeout --from urllib3.packages.ssl_match_hostname import CertificateError -+from ssl import CertificateError - from urllib3.exceptions import ( - ClosedPoolError, - EmptyPoolError, ---- a/urllib3/connection.py -+++ b/urllib3/connection.py -@@ -39,7 +39,7 @@ - ConnectTimeoutError, - SystemTimeWarning, - ) --from .packages.ssl_match_hostname import match_hostname -+from ssl import match_hostname - - from .util.ssl_ import ( - resolve_cert_reqs, ---- a/urllib3/connectionpool.py -+++ b/urllib3/connectionpool.py -@@ -26,7 +26,7 @@ - TimeoutError, - InsecureRequestWarning, - ) --from .packages.ssl_match_hostname import CertificateError -+from ssl import CertificateError - import six - from .connection import ( - port_by_scheme, ---- a/urllib3/packages/__init__.py -+++ b/urllib3/packages/__init__.py -@@ -1,4 +1,3 @@ - from __future__ import absolute_import - --from . import ssl_match_hostname - ---- a/setup.py -+++ b/setup.py -@@ -42,7 +42,7 @@ - url='http://urllib3.readthedocs.org/', - license='MIT', - packages=['urllib3', -- 'urllib3.packages', 'urllib3.packages.ssl_match_hostname', -+ 'urllib3.packages', - 'urllib3.contrib', 'urllib3.util', - ], - requires=[], diff --git a/debian/patches/series b/debian/patches/series index cddf757..b77d657 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,4 +2,4 @@ 02_require-cert-verification.patch 03_force_setuptools.patch 04_relax_nosetests_options.patch -05_do-not-use-embedded-ssl-match-hostname.patch +05_avoid-embedded-ssl-match-hostname.patch -- cgit v1.2.3 From 8ef89a8dcccd9bbb7d189934385649ba27cd20be Mon Sep 17 00:00:00 2001 From: Daniele Tricoli Date: Thu, 20 Nov 2014 13:28:03 +0000 Subject: * debian/patches/06_do-not-make-SSLv3-mandatory.patch - Since SSL version 3 is insicure it is supported only if Python supports it. (Closes: 770246) --- debian/changelog | 9 ++++++-- .../patches/06_do-not-make-SSLv3-mandatory.patch | 25 ++++++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 debian/patches/06_do-not-make-SSLv3-mandatory.patch diff --git a/debian/changelog b/debian/changelog index 5436a6f..fd4f27e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,11 +1,16 @@ python-urllib3 (1.9.1-3) UNRELEASED; urgency=medium - * Team upload. + [ Stefano Rivera ] * Replace 05_do-not-use-embedded-ssl-match-hostname.patch with 05_avoid-embedded-ssl-match-hostname.patch. Users may use virtualenv with cPython << 2.7.9 (or Debian python2.7 2.7.8-7). (Closes: 755106, 763389) - -- Stefano Rivera Tue, 18 Nov 2014 12:45:49 -0800 + [ Daniele Tricoli ] + * debian/patches/06_do-not-make-SSLv3-mandatory.patch + - Since SSL version 3 is insicure it is supported only if Python + supports it. (Closes: 770246) + + -- Daniele Tricoli Thu, 20 Nov 2014 13:17:59 +0100 python-urllib3 (1.9.1-2) unstable; urgency=medium diff --git a/debian/patches/06_do-not-make-SSLv3-mandatory.patch b/debian/patches/06_do-not-make-SSLv3-mandatory.patch new file mode 100644 index 0000000..0ce3f4a --- /dev/null +++ b/debian/patches/06_do-not-make-SSLv3-mandatory.patch @@ -0,0 +1,25 @@ +Description: Since SSL version 3 is insicure it is supported only if Python + supports it. In Debian SSL version 3 is disabled in system Python since + 2.7.8-12. +Author: Daniele Tricoli +Forwarded: https://github.com/shazow/urllib3/issues/487#issuecomment-63805742 +Last/Update: 2014-11-20 + +--- a/urllib3/contrib/pyopenssl.py ++++ b/urllib3/contrib/pyopenssl.py +@@ -70,9 +70,14 @@ + # Map from urllib3 to PyOpenSSL compatible parameter-values. + _openssl_versions = { + ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD, +- ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD, + ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD, + } ++ ++try: ++ _openssl_versions.update({ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD}) ++except AttributeError: ++ pass ++ + _openssl_verify = { + ssl.CERT_NONE: OpenSSL.SSL.VERIFY_NONE, + ssl.CERT_OPTIONAL: OpenSSL.SSL.VERIFY_PEER, diff --git a/debian/patches/series b/debian/patches/series index b77d657..30602ad 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -3,3 +3,4 @@ 03_force_setuptools.patch 04_relax_nosetests_options.patch 05_avoid-embedded-ssl-match-hostname.patch +06_do-not-make-SSLv3-mandatory.patch -- cgit v1.2.3 From 0fc35e9f031fdf1e7cf2decdaeac464462575ccd Mon Sep 17 00:00:00 2001 From: Daniele Tricoli Date: Thu, 20 Nov 2014 13:37:29 +0000 Subject: Add forgotten hash sign --- debian/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index fd4f27e..9fd8cff 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,12 +3,12 @@ python-urllib3 (1.9.1-3) UNRELEASED; urgency=medium [ Stefano Rivera ] * Replace 05_do-not-use-embedded-ssl-match-hostname.patch with 05_avoid-embedded-ssl-match-hostname.patch. Users may use virtualenv with - cPython << 2.7.9 (or Debian python2.7 2.7.8-7). (Closes: 755106, 763389) + cPython << 2.7.9 (or Debian python2.7 2.7.8-7). (Closes: #755106, #763389) [ Daniele Tricoli ] * debian/patches/06_do-not-make-SSLv3-mandatory.patch - Since SSL version 3 is insicure it is supported only if Python - supports it. (Closes: 770246) + supports it. (Closes: #770246) -- Daniele Tricoli Thu, 20 Nov 2014 13:17:59 +0100 -- cgit v1.2.3 From 5d908e6205ac67417c1c36db0cb328f37f89666b Mon Sep 17 00:00:00 2001 From: Daniele Tricoli Date: Thu, 20 Nov 2014 14:36:23 +0000 Subject: Fix typo s/insicure/insecure/ --- debian/changelog | 2 +- debian/patches/06_do-not-make-SSLv3-mandatory.patch | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index 9fd8cff..a8b6117 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,7 +7,7 @@ python-urllib3 (1.9.1-3) UNRELEASED; urgency=medium [ Daniele Tricoli ] * debian/patches/06_do-not-make-SSLv3-mandatory.patch - - Since SSL version 3 is insicure it is supported only if Python + - Since SSL version 3 is insecure it is supported only if Python supports it. (Closes: #770246) -- Daniele Tricoli Thu, 20 Nov 2014 13:17:59 +0100 diff --git a/debian/patches/06_do-not-make-SSLv3-mandatory.patch b/debian/patches/06_do-not-make-SSLv3-mandatory.patch index 0ce3f4a..c072d60 100644 --- a/debian/patches/06_do-not-make-SSLv3-mandatory.patch +++ b/debian/patches/06_do-not-make-SSLv3-mandatory.patch @@ -1,4 +1,4 @@ -Description: Since SSL version 3 is insicure it is supported only if Python +Description: Since SSL version 3 is insecure it is supported only if Python supports it. In Debian SSL version 3 is disabled in system Python since 2.7.8-12. Author: Daniele Tricoli -- cgit v1.2.3 From 79946b58eade5182cdeb529bda459b705c35b36e Mon Sep 17 00:00:00 2001 From: Daniele Tricoli Date: Thu, 20 Nov 2014 15:59:59 +0000 Subject: s/UNRELEASED/unstable/ --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index a8b6117..2d8e46e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -python-urllib3 (1.9.1-3) UNRELEASED; urgency=medium +python-urllib3 (1.9.1-3) unstable; urgency=medium [ Stefano Rivera ] * Replace 05_do-not-use-embedded-ssl-match-hostname.patch with -- cgit v1.2.3