|
|
|
|
Changelog for python312-urllib3-2.2.3-200.4.noarch.rpm :
* Thu Oct 03 2024 Steve Kowalik - Update to 2.2.3: * Features + Added support for Python 3.13. * Bugfixes + Fixed the default encoding of chunked request bodies to be UTF-8 instead of ISO-8859-1. All other methods of supplying a request body already use UTF-8 starting in urllib3 v2.0. + Fixed ResourceWarning on CONNECT with Python < 3.11.4 by backporting python/cpython#103472. + Fixed a crash where certain standard library hash functions were absent in restricted environments. + Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. + Allowed passing negative integers as amt to read methods of http.client.HTTPResponse as an alternative to None. + Fixed issue where InsecureRequestWarning was emitted for HTTPS connections when using Emscripten. + Fixed HTTPConnectionPool.urlopen to stop automatically casting non-proxy headers to HTTPHeaderDict. This change was premature as it did not apply to proxy headers and HTTPHeaderDict does not handle byte header values correctly yet. + Changed InvalidChunkLength to ProtocolError when response terminates before the chunk length is sent. + Changed ProtocolError to be more verbose on incomplete reads with excess content. + Added support for HTTPResponse.read1() method. + Fixed issue where requests against urls with trailing dots were failing due to SSL errors when using proxy. + Fixed HTTPConnection.proxy_is_verified and HTTPSConnection.proxy_is_verified to be always set to a boolean after connecting to a proxy. It could be None in some cases previously. + Fixed an issue where headers passed in a request with json= would be mutated + Fixed HTTPSConnection.is_verified to be set to False when connecting from a HTTPS proxy to an HTTP target. It was set to True previously. + Fixed handling of new error message from OpenSSL 3.2.0 when configuring an HTTP proxy as HTTPS + Fixed TLS 1.3 post-handshake auth when the server certificate validation is disabled * HTTP/2 (experimental) + Excluded Transfer-Encoding: chunked from HTTP/2 request body + Added a probing mechanism for determining whether a given target origin supports HTTP/2 via ALPN. + Add support for sending a request body with HTTP/2 * Removals + Drop support for end-of-life PyPy3.8 and PyPy3.9.- Drop patches, they are now included upstream: * CVE-2024-37891.patch * openssl-3.2.patch- Included patched hypercorn, which is only unpacked and used for the test suite. * Tue Jun 18 2024 Markéta Machová - Add CVE-2024-37891.patch (bsc#1226469) * Thu Jan 11 2024 Daniel Garcia - Add upstream patch openssl-3.2.patch, to fix tests with opennssl 3.2.0, gh#urllib3/urllib3#3271 * Mon Nov 27 2023 Dirk Müller - update to 2.1.0: * Removed support for the deprecated urllib3[secure] extra. * Removed support for the deprecated SecureTransport TLS implementation. * Removed support for the end-of-life Python 3.7. * Allowed loading CA certificates from memory for proxies. * Fixed decoding Gzip-encoded responses which specified ``x-gzip`` content-encoding. * Wed Oct 18 2023 Daniel Garcia Moreno - update to 2.0.7 (bsc#1216377, CVE-2023-45803): * Made body stripped from HTTP requests changing the request method to GET after HTTP 303 \"See Other\" redirect responses. * Thu Oct 12 2023 Frederic Crozat - Update Buildrequires to upstream list. * Thu Oct 05 2023 Daniel Garcia - update to 2.0.6 (bsc#1215968, CVE-2023-43804): * Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect- 2.0.5: * Allowed pyOpenSSL third-party module without any deprecation warning. #3126 * Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. #3066 * Tue Jul 25 2023 Dirk Müller - update to 2.0.4: * Added support for union operators to ``HTTPHeaderDict`` * Added ``BaseHTTPResponse`` to ``urllib3.__all__`` (`#3078 * Fixed ``urllib3.connection.HTTPConnection`` to raise the ``http.client.connect`` audit event to have the same behavior as the standard library HTTP client * Relied on the standard library for checking hostnames in supported PyPy releases * Wed Jul 05 2023 Daniel Garcia - Disable test_deprecated_no_scheme so it needs network connection to run correctly. * Mon Jun 19 2023 Dirk Müller - update to 2.0.3: * Allowed alternative SSL libraries such as LibreSSL, while still issuing a warning as we cannot help users facing issues with implementations other than OpenSSL. * Deprecated URLs which don\'t have an explicit scheme * Fixed response decoding with Zstandard when compressed data is made of several frames. * Fixed ``assert_hostname=False`` to correctly skip hostname check. * Sun May 14 2023 Dirk Müller - update to 2.0.2: * Fixed ``HTTPResponse.stream()`` to continue yielding bytes if buffered decompressed data was still available to be read even if the underlying socket is closed. This prevents a compressed response from being truncated. * Wed May 10 2023 Steve Kowalik - Update to 2.0.1: * Fixed a socket leak when fingerprint or hostname verifications fail. * Fixed an error when HTTPResponse.read(0) was the first read call or when the internal response body buffer was otherwise empty. * Removed support for Python 2.7, 3.5, and 3.6. * Removed fallback on certificate commonName in match_hostname() function. * Removed support for Python with an ssl module compiled with LibreSSL, CiscoSSL, wolfSSL, and all other OpenSSL alternatives. * Removed support for OpenSSL versions earlier than 1.1.1. * Removed urllib3.contrib.appengine.AppEngineManager and support for Google App Engine Standard Environment. * Changed ssl_version to instead set the corresponding SSLContext.minimum_version and SSLContext.maximum_version values. * Changed default SSLContext.minimum_version to be TLSVersion.TLSv1_2 in line with Python 3.10. * Changed urllib3.util.create_urllib3_context to not override the system cipher suites with a default value. * Changed multipart/form-data header parameter formatting matches the WHATWG HTML Standard as of 2021-06-10. * Changed HTTPConnection.request() to always use lowercase chunk boundaries when sending requests with Transfer-Encoding: chunked. * Changed enforce_content_length default to True, preventing silent data loss when reading streamed responses. * Changed all parameters in the HTTPConnection and HTTPSConnection constructors to be keyword-only except host and port. * Changed HTTPConnection.getresponse() to set the socket timeout from HTTPConnection.timeout value before reading data from the socket. * Changed name of Retry.BACK0FF_MAX to be Retry.DEFAULT_BACKOFF_MAX. * Changed TLS handshakes to use SSLContext.check_hostname when possible. * Changed the default blocksize to 16KB to match OpenSSL\'s default read amounts. * Changed HTTPResponse.read() to raise an error when calling with decode_content=False after using decode_content=True to prevent data loss. * Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress. * Fixed the default value of HTTPSConnection.socket_options to match HTTPConnection. * Fixed a socket leak if HTTPConnection.connect() fails.- Drop patch remove_mock.patch, included upstream.- Fiddle with {Build,}Requires as appropiate, six finally dropped. * Fri Apr 21 2023 Dirk Müller - add sle15_python_module_pythons (jsc#PED-68) * Thu Apr 13 2023 Matej Cepl - Make calling of %{sle15modernpython} optional. * Tue Mar 14 2023 Dirk Müller - update to 1.26.15: * Fix socket timeout value when ``HTTPConnection`` is reused * Remove \"!\" character from the unreserved characters in IPv6 Zone ID parsing * Fix IDNA handling of \'<80>\' byte * Sat Jan 21 2023 Dirk Müller - update to 1.26.14: * Fixed parsing of port 0 (zero) returning None, instead of 0. * Removed deprecated getheaders() calls in contrib module. * Fri Dec 02 2022 John Paul Adrian Glaubitz - update to 1.26.13 * Deprecated the ``HTTPResponse.getheaders()`` and ``HTTPResponse.getheader()`` methods. * Fixed an issue where parsing a URL with leading zeroes in the port would be rejected even when the port number after removing the zeroes was valid. * Fixed a deprecation warning when using cryptography v39.0.0. * Removed the ``<4`` in the ``Requires-Python`` packaging metadata field. * Sun Oct 23 2022 Ben Greiner - Fix pycache when undbundling six * Mon Aug 22 2022 Dirk Müller - update to 1.26.12: * Deprecated the `urllib3[secure]` extra and the `urllib3.contrib.pyopenssl` module. Both will be removed in v2.x. See this `GitHub issue `_ for justification and info on how to migrate. * Tue Aug 02 2022 Ben Greiner - update to 1.26.11 * Fix OverflowError when TLS is used on some Python versions * Sun Jul 24 2022 Dirk Müller - update to 1.26.10: * Removed support for Python 3.5 * Fixed an issue where a ``ProxyError`` recommending configuring the proxy as HTTP instead of HTTPS could appear even when an HTTPS proxy wasn\'t configured.- refresh remove_mock.patch with extra mock usages * Tue Apr 19 2022 Steve Kowalik - Remove unneeded BuildRequires of mock. * Tue Apr 05 2022 Ben Greiner - Remove unbundling off ssl.match_hostname. * It was only done for the primary python3 flavor * It is bundled for a reason gh#urllib3/urllib3#2439, gh#urllib3/urllib3#2448 * The tests (and probably urllib3 users) use wildcard patterns not supported by the stdlib- Fix undbundling of six for all flavors- Replace brotlipy recommendation and test with python-Brotli (see release notes below) * Tue Mar 29 2022 Dirk Müller - update to 1.26.9: * Changed ``urllib3[brotli]`` extra to favor installing Brotli libraries that are still receiving updates like ``brotli`` and ``brotlicffi`` instead of ``brotlipy``. This change does not impact behavior of urllib3, only which dependencies are installed. * Fixed a socket leaking when ``HTTPSConnection.connect()`` raises an exception. * Fixed ``server_hostname`` being forwarded from ``PoolManager`` to ``HTTPConnectionPool`` when requesting an HTTP URL. Should only be forwarded when requesting an HTTPS URL. * Mon Jan 10 2022 Dirk Müller - update to 1.26.8: * Added extra message to``urllib3.exceptions.ProxyError`` when urllib3 detects that a proxy is configured to use HTTPS but the proxy itself appears to only use HTTP. * Added a mention of the size of the connection pool when discarding a connection due to the pool being full. * Added explicit support for Python 3.11. * Deprecated the ``Retry.MAX_BACKOFF`` class property in favor of ``Retry.DEFAULT_MAX_BACKOFF`` to better match the rest of the default parameter names. ``Retry.MAX_BACKOFF`` is removed in v2.0. * Changed location of the vendored ``ssl.match_hostname`` function from ``urllib3.packages.ssl_match_hostname`` to ``urllib3.util.ssl_match_hostname`` to ensure Python 3.10+ compatibility after being repackaged by downstream distributors. * Fixed absolute imports, all imports are now relative. * Tue Oct 26 2021 Dirk Müller - update to 1.26.7: * Fixed a bug with HTTPS hostname verification involving IP addresses and lack of SNI. * Fixed a bug where IPv6 braces weren\'t stripped during certificate hostname matching. * Tue Jul 13 2021 Markéta Machová - update to 1.26.6 * Deprecated the urllib3.contrib.ntlmpool module. * Changed HTTPConnection.request_chunked() to not erroneously emit multiple Transfer-Encoding headers in the case that one is already specified. * Fixed typo in deprecation message to recommend Retry.DEFAULT_ALLOWED_METHODS. * Sun Jun 06 2021 Dirk Müller - update to 1.26.5 (bsc#1187045, CVE-2021-33503): * Fixed deprecation warnings emitted in Python 3.10. * Updated vendored ``six`` library to 1.16.0. * Improved performance of URL parser when splitting the authority component. * Tue Mar 16 2021 Dirk Müller - update to 1.26.4: * Changed behavior of the default ``SSLContext`` when connecting to HTTPS proxy during HTTPS requests. The default ``SSLContext`` now sets ``check_hostname=True``. * Thu Jan 28 2021 Dirk Müller - update to 1.26.3: * Fixed bytes and string comparison issue with headers (Pull #2141) * Changed ``ProxySchemeUnknown`` error message to be more actionable if the user supplies a proxy URL without a scheme. (Pull #2107) * Fri Jan 01 2021 Benjamin Greiner - Skip test for RECENT_DATE. It is a test purely for developers. To maintain reproducibility, keep upstreams possibly outdated RECENT_DATE in the source code. (bsc#1181571)
|
|
|