python-urllib3 (2.2.3-2) experimental; urgency=medium * Team upload. * Mark test_http2_probe_blocked_per_thread with requires_network. -- Colin Watson Tue, 12 Nov 2024 23:59:17 +0000 python-urllib3 (2.2.3-1) experimental; urgency=medium * Team upload. * New upstream release: - CVE-2024-37891: Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host (closes: #1074149). - Added support for Python 3.13 (closes: #1082278). * Temporarily vendor hypercorn, since urllib3 needs a patched version for its tests (commit d1719f8c1570cbd8e6a3719ffdb14a4d72880abb; see https://github.com/urllib3/urllib3/issues/3334; closes: #1086794). -- Colin Watson Sun, 10 Nov 2024 23:57:18 +0000 python-urllib3 (2.0.7-2) unstable; urgency=medium * Team upload. * Remove build & autopkgtest dependency on python3-mock * Disable a test that compare today's date against some "expiry date". * Patch: add a patch from upstream to handle new Exception strings. -- Alexandre Detiste Wed, 12 Jun 2024 20:04:48 +0200 python-urllib3 (2.0.7-1) experimental; urgency=medium [ Stefano Rivera ] * New upstream release. * Drop six patch and dependency on python3-six, superseded upstream. (Closes: #1025218, LP: #1897633) * Drop bundled backports.makefile from copyright, removed upstream. * Build with pybuild pyproject plugin. * Mark Build-Depends with nocheck. * Re-enable the full test suite. * Patch: Handle ConnectionRefusedError in test.requires_network() * Patch: Mark tests that require network * Patch: Don't make requests to evil.com in tests. * Export CI=1 in tests, to increase timeouts. * Allow stderr in the autopkgtest. * Patch: Skip expensive integration tests, that often cause timeouts. -- Daniele Tricoli Sun, 12 Nov 2023 23:57:09 +0100 python-urllib3 (1.26.18-2) unstable; urgency=medium * Team upload. * Patch: Fix tests under Python 3.12. (Closes: #1056511) -- Stefano Rivera Sun, 21 Jan 2024 15:46:13 -0400 python-urllib3 (1.26.18-1) unstable; urgency=medium * Team upload. * New upstream release. - Fix CVE-2023-45803 (Closes: #1054226) * Drop patch 02_require-cert-verification.patch, no longer needed. (Closes: #1054212) * Refresh patches. -- Stefano Rivera Sat, 21 Oct 2023 17:05:33 +0200 python-urllib3 (1.26.17-1) unstable; urgency=medium * New upstream version 1.26.17 - Fix CVE-2023-43804 (Closes: #1053626). * Refresh patches. -- Daniele Tricoli Tue, 10 Oct 2023 02:32:39 +0200 python-urllib3 (1.26.16-1) unstable; urgency=medium * New upstream version 1.26.16 * Refresh patches. * debian/control - Update standards version to 4.6.2, no changes needed. * debian/copyright - Update copyright years. -- Daniele Tricoli Fri, 30 Jun 2023 01:10:18 +0200 python-urllib3 (1.26.12-1) unstable; urgency=medium * Team upload. * New upstream version 1.26.12 * Bump Standards-Version to 4.6.1 (no change) * Refresh patches -- Anthony Fok Thu, 22 Sep 2022 15:14:17 -0600 python-urllib3 (1.26.9-1) unstable; urgency=medium * New upstream version 1.26.9 * Refresh patches. * Add python3-brotli to B-D, Suggests and autopkgtest's Depends. -- Daniele Tricoli Sat, 19 Mar 2022 01:35:39 +0100 python-urllib3 (1.26.8-1) unstable; urgency=medium [ Jenkins ] * Remove constraints unnecessary since stretch [ Daniele Tricoli ] * New upstream release. * Refresh patches. * Enable salsa pipelines. * Enable autopkgtest tests. * debian/control - Update standards version to 4.6.0, no changes needed. * debian/copyright - Update copyright years. -- Daniele Tricoli Mon, 14 Mar 2022 01:12:18 +0100 python-urllib3 (1.26.5-1~exp1) unstable; urgency=medium * New upstream version 1.26.5 - CVE-2021-33503: Catastrophic backtracking in URL authority parser when passed URL containing many @ characters. (Closes: #989848) * Refresh patches. -- Daniele Tricoli Sun, 27 Jun 2021 17:02:18 +0200 python-urllib3 (1.26.4-1) unstable; urgency=medium * Team upload. * New upstream release. - Enforces certificate validation in some cases involving HTTPS to HTTPS proxies CVE-2021-28363. -- Stefano Rivera Tue, 11 May 2021 20:30:00 -0400 python-urllib3 (1.26.2-1) unstable; urgency=medium * New upstream version 1.26.2 * Refresh patches. * debian/control - Bump debhelper compatibility level to 13. - Bump Standards-Version to 4.5.1 (no changes needed). * debian/copyright - Update copyright years. * debian/rules - Ignore test_ssltransport.py. * debian/watch - Bump version to 4. -- Daniele Tricoli Thu, 31 Dec 2020 02:22:32 +0100 python-urllib3 (1.25.11-1) unstable; urgency=medium * Team upload. [ Ondřej Nový ] * d/control: Update Maintainer field with new Debian Python Team contact address. * d/control: Update Vcs-* fields with new Debian Python Team Salsa layout. [ Dmitry Shachnev ] * New upstream release. * Refresh patches for the new release. * Skip test_respect_retry_after_header_sleep test. It needs pytest-freezegun module which is not packaged in Debian yet. -- Dmitry Shachnev Sat, 14 Nov 2020 15:40:30 +0300 python-urllib3 (1.25.9-1) unstable; urgency=medium * Team upload * New upstream release - Refresh patches -- Scott Kitterman Sat, 02 May 2020 13:14:11 -0400 python-urllib3 (1.25.8-2) unstable; urgency=medium * Drop python2 support; Closes: #938244 * debian/control - bump versioned b-d on six to >= 1.12.0 (the same version of the embedded module); Closes: #950738 -- Sandro Tosi Wed, 01 Apr 2020 11:35:50 -0400 python-urllib3 (1.25.8-1) unstable; urgency=medium * Team upload. [ Debian Janitor ] * Use secure URI in Homepage field. * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, Repository-Browse. [ Håvard Flaget Aasen ] * New upstream version 1.25.8 * Rebase patches. * Update Standards-Version to 4.5.0 * Remove python-nose and python3-nose from build-dependency. * Add Rules-Requires-Root: no * Remove test/conftest.py during build. -- Håvard Flaget Aasen Sat, 25 Jan 2020 15:56:27 +0100 python-urllib3 (1.25.6-5) unstable; urgency=medium * Team upload. * debian/control - remove psutil from b-d, nothing in urllib3 uses that module -- Sandro Tosi Thu, 09 Jan 2020 20:45:05 -0500 python-urllib3 (1.25.6-4) unstable; urgency=medium * Upload to unstable (Closes: #945883) -- Daniele Tricoli Thu, 05 Dec 2019 01:11:15 +0100 python-urllib3 (1.25.6-3) experimental; urgency=medium * debian/rules - Export LC_ALL=C.UTF-8 to build tests also using pbuilder. Thanks to Andreas Beckmann for the report and suggestion. (Closes: #945450) -- Daniele Tricoli Mon, 02 Dec 2019 23:20:06 +0100 python-urllib3 (1.25.6-2) experimental; urgency=medium * debian/control - Add python{,3}-idna to B-D. (Closes: #943510) -- Daniele Tricoli Sun, 27 Oct 2019 14:28:10 +0100 python-urllib3 (1.25.6-1) experimental; urgency=medium * Team upload. [ Ondřej Nový ] * Use debhelper-compat instead of debian/compat. * Bump Standards-Version to 4.4.0. [ Drew Parsons ] * New upstream release. - fixes CVE-2019-11236 CRLF injection vulnerability. Closes: #927172. * Standards-Version: 4.4.1 * debhelper compatibility level 12 -- Drew Parsons Sat, 12 Oct 2019 11:50:26 +0800 python-urllib3 (1.24.1-1) unstable; urgency=medium * Upload to unstable. -- Daniele Tricoli Mon, 11 Feb 2019 02:14:53 +0100 python-urllib3 (1.24.1-1~exp1) experimental; urgency=medium * New upstream release. * Refresh 01_do-not-use-embedded-python-six.patch. * debian/control - Update to use my debian.org mail address. - Bump Standards-Version to 4.3.0 (no changes needed). * debian/copyright - Update to use my debian.org mail address. - Update copyright years. -- Daniele Tricoli Thu, 10 Jan 2019 01:16:27 +0100 python-urllib3 (1.24-1) unstable; urgency=medium * Upload to unstable. (Closes: #911716) -- Daniele Tricoli Thu, 25 Oct 2018 05:01:14 +0200 python-urllib3 (1.24-1~exp1) experimental; urgency=medium [ Ondřej Nový ] * d/control: Set Vcs-* to salsa.debian.org * d/copyright: Use https protocol in Format field * d/control: Remove ancient X-Python-Version field * d/control: Remove ancient X-Python3-Version field * Convert git repository from git-dpm to gbp layout [ Daniele Tricoli ] * New upstream release. * Refresh patches after git-dpm to gbp pq conversion. * Add debian/gbp.conf. * Refresh patches. * debian/clean - Update path of urllib3.egg-info. * debian/control - Require newer dh-python which cleans .pytest_cache directory. * debian/copyright - Update copyright years. - Update Source field to point to new pypi HTTPS URL. - Add section for urllib3/contrib/_securetransport. - Update paths and remove section about ordered_dict.py. - Add section about backported socket.makefile(). * debian/patches/01_do-not-use-embedded-python-six.patch - Refresh and also patch urllib3.contrib.pyopenssl to use the packaged version of six. (Closes: #905479) * debian/patches/04_relax_nosetests_options.patch - Drop since no more used (tests use pytest). * debian/rules - Ignore tests that require dummyserver or network access. - Clean .pytest_cache/ to build twice in a row. * debian/upstream/signing-key.asc - Remove since upstream will not sign tarballs anymore. * debian/watch - Remove pgpsigurlmangle since upstream will not sign tarballs anymore. -- Daniele Tricoli Fri, 19 Oct 2018 08:42:27 +0200 python-urllib3 (1.22-1) unstable; urgency=medium * Team upload. * New upstream release (Closes: #876334) * d/watch - Check upstream signature - Use https * Bump debhelper compat level to 11 * Standards-Version is 4.1.3 now (no changes needed) * Add python{3,}-pytest to B-D * Use pytest for unit tests (same as upstream) and skip timing tests * Skip test_recent_date test * Use autopkgtest-pkg-python testsuite instead of hardcoded one -- Ondřej Nový Thu, 04 Jan 2018 15:09:14 +0100 python-urllib3 (1.21.1-1) unstable; urgency=medium * New upstream release. (Closes: #861642) * debian/control - Add python-psutil{,3} to Build-Depends. - Add version constraint for six. (Closes: #857006) - Bump Standards-Version to 4.0.0 (no changes needed). * debian/copyright - Update copyright years. * debian/patches/01_do-not-use-embedded-python-six.patch - Refresh. * debian/tests/control - Add autodep8 tests. (Closes: #796717) -- Daniele Tricoli Fri, 14 Jul 2017 01:21:44 +0200 python-urllib3 (1.19.1-1) unstable; urgency=medium * New upstream release. * debian/control - Remove python{,3}-ndg-httpsclient and python{,3}-pyasn1. - Add python{,3}-cryptography, python{,3}-idna and python-ipaddress. * debian/patches/01_do-not-use-embedded-python-six.patch - Refresh. -- Daniele Tricoli Thu, 08 Dec 2016 15:08:04 +0100 python-urllib3 (1.16-1) unstable; urgency=medium * New upstream release. -- Daniele Tricoli Sun, 04 Sep 2016 01:21:05 +0200 python-urllib3 (1.15.1-2) unstable; urgency=medium * debian/patches/01_do-not-use-embedded-python-six.patch - Patch urllib3.contrib.appengine and dummyserver tests. (Closes: #825310) -- Daniele Tricoli Thu, 26 May 2016 05:11:02 +0200 python-urllib3 (1.15.1-1) unstable; urgency=medium * New upstream release. * debian/control - Bump Standards-Version to 3.9.8 (no changes needed). - Add python{,3}-socks to Suggests. * debian/copyright - Update copyright years. * debian/patches/01_do-not-use-embedded-python-six.patch - Refresh. * debian/rules - Don't run contrib socks tests at build time. - Exclude GAE tests. (Closes: #825168) -- Daniele Tricoli Tue, 24 May 2016 16:18:22 +0200 python-urllib3 (1.13.1-2) unstable; urgency=medium * debian/control - Remove python-urllib3-whl and python3-wheel B-D. (Closes: #814467) - Use secure URI for Vcs-Git. - Bump Standards-Version to 3.9.7 (no changes needed). - Bump X-Python3-Version to >= 3.2. * debian/copyright - Update copyright years. * debian/python-urllib3-whl.install - Remove. * debian/rules - Remove override_dh_auto_install since it's no longer needed to build the wheel package. -- Daniele Tricoli Fri, 12 Feb 2016 01:35:42 +0100 python-urllib3 (1.13.1-1) unstable; urgency=medium * New upstream release. * debian/patches/01_do-not-use-embedded-python-six.patch - Refresh. * debian/patches/05_avoid-embedded-ssl-match-hostname.patch - Refresh. -- Daniele Tricoli Wed, 23 Dec 2015 23:02:05 +0100 python-urllib3 (1.12-1) unstable; urgency=medium * New upstream release. * debian/control - Update Vcs fields for git migration. * debian/patches/01_do-not-use-embedded-python-six.patch - Refresh. * debian/patches/06_rely-on-six-to-import-httplib-or-http.client.patch - Remove since included in this release. -- Daniele Tricoli Sun, 11 Oct 2015 03:31:25 +0200 python-urllib3 (1.11-2) unstable; urgency=medium * debian/patches/06_rely-on-six-to-import-httplib-or-http.client.patch - Rely on six to import httplib or http.client. Thanks to Edward Betts for the report. (Closes: #796356) -- Daniele Tricoli Sun, 23 Aug 2015 21:19:59 +0200 python-urllib3 (1.11-1) unstable; urgency=medium * New upstream release. * debian/control - Add python{,3}-tornado to Build-Depends. - Add python-ntlm to python-urllib3's Suggests. * debian/patches/01_do-not-use-embedded-python-six.patch - Refresh. -- Daniele Tricoli Mon, 17 Aug 2015 18:51:43 +0200 python-urllib3 (1.10.4-1) unstable; urgency=medium * New upstream release. * debian/watch - Use pypi.debian.net redirector. * debian/patches/01_do-not-use-embedded-python-six.patch - Refresh. -- Daniele Tricoli Sun, 03 May 2015 17:18:55 +0200 python-urllib3 (1.10-1) experimental; urgency=medium * New upstream release. * debian/patches/01_do-not-use-embedded-python-six.patch - Refresh. * debian/patches/06_do-not-make-SSLv3-mandatory.patch - Remove since it was merged upstream. -- Daniele Tricoli Thu, 15 Jan 2015 22:58:53 +0100 python-urllib3 (1.9.1-3) unstable; urgency=medium [ Stefano Rivera ] * Replace 05_do-not-use-embedded-ssl-match-hostname.patch with 05_avoid-embedded-ssl-match-hostname.patch. Users may use virtualenv with cPython << 2.7.9 (or Debian python2.7 2.7.8-7). (Closes: #755106, #763389) [ Daniele Tricoli ] * debian/patches/06_do-not-make-SSLv3-mandatory.patch - Since SSL version 3 is insecure it is supported only if Python supports it. (Closes: #770246) -- Daniele Tricoli Thu, 20 Nov 2014 13:17:59 +0100 python-urllib3 (1.9.1-2) unstable; urgency=medium * debian/control - Bump python{,3}-nose to >=1.3.3 to build urllib3 on Wheezy. Thanks to Nick Phillips for the report. (Closes: #765035) -- Daniele Tricoli Tue, 21 Oct 2014 02:59:57 +0200 python-urllib3 (1.9.1-1) unstable; urgency=medium * New upstream release. * debian/control - Bump Standards-Version to 3.9.6 (no changes needed). * debian/patches/01_do-not-use-embedded-python-six.patch - Refresh. * debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch - Refresh. * debian/patches/06_add-test-init-py.patch - Remove since fixed upstream. * debian/rules - Exclude with_dummyserver tests since they are also failing upstream. -- Daniele Tricoli Tue, 23 Sep 2014 04:28:42 +0200 python-urllib3 (1.9-1) unstable; urgency=medium * New upstream release * debian/control - Add python-ndg-httpsclient, python-openssl and python-pyasn1 into python-urllib3's Recomends to ensure that SNI works as expected and to prevent CRIME attack - Add python3-ndg-httpsclient, python3-openssl and python3-pyasn1 into python3-urllib3's Suggests since Python 3 already support SNI and and SSL compression can be disabled using OP_NO_COMPRESSION * debian/patches/01_do-not-use-embedded-python-six.patch - Refresh * debian/patches/02_require-cert-verification.patch - Refresh * debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch - Refresh * debian/patches/06_relax-test-requirements.patch - Remove since upstream now does not specify version of packages needed for testing inside setup.py * debian/patches/06_add-test-init-py.patch - Add needed test/__init__.py file not shipped in sdist -- Daniele Tricoli Mon, 01 Sep 2014 02:56:44 +0200 python-urllib3 (1.8.3-1) unstable; urgency=medium * New upstream release (Closes: #754090) * debian/patches/01_do-not-use-embedded-python-six.patch - Refresh * debian/patches/04_relax_nosetests_options.patch - Refresh -- Daniele Tricoli Mon, 07 Jul 2014 16:09:06 +0200 python-urllib3 (1.8.2-1) unstable; urgency=medium * New upstream release * debian/clean - Removed .coverage entry * debian/control - Added python3-coverage, python3-mock, python3-nose to Build-Depends - Bumped python(3)-coverage to (>=3.6) - Removed python-tornado from Build-Depends since it was used only for dummyserver * debian/copyright - Updated copyright years * debian/patches/01_do-not-use-embedded-python-six.patch - Refreshed * debian/patches/02_require-cert-verification.patch - Refreshed * debian/patches/03_no-setuptools.patch - Superseded by debian/patches/setuptools.patch * debian/patches/03_force-setuptools.patch - Renamed from setuptools.patch - Added description * debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch - Do not use embedded copy of ssl.match_hostname * debian/patches/06_relax-test-requirements.patch - Relax version of packages needed for testing * debian/rules - Enabled tests at build time also for Python 3 using the custom build plugin of pybuild - Cleaned .coverage file generated by nose using coverage plugin - No need to remove dummyserver since it is not installed anymore -- Daniele Tricoli Wed, 28 May 2014 19:41:18 +0200 python-urllib3 (1.8-2) unstable; urgency=medium * Team upload. * d/control: - Fix python-urllib3-whl Depends. - Fix typo in python-urllib3-whl description. -- Barry Warsaw Thu, 22 May 2014 18:19:16 -0400 python-urllib3 (1.8-1) unstable; urgency=medium * Team upload. [ Daniele Tricoli ] * New upstream release * debian/control - Bumped Standards-Version to 3.9.5 (no changes needed) * debian/patches/01_do-not-use-embedded-python-six.patch - Refreshed * debian/patches/02_require-cert-verification.patch - Refreshed [ Barry Warsaw ] * d/control: - Added python-setuptools, python3-setuptools, and python3-wheel to Build-Depends. - Added python-urllib3-whl binary package. * d/rules: - Build the universal wheels. - Simplify through use of PYBUILD_NAME. * d/python-urllib3-whl.install: Added. * d/patches/setuptools.patch: Use setuptools.setup() so that the bdist_wheel command will work. -- Barry Warsaw Thu, 15 May 2014 17:21:50 -0400 python-urllib3 (1.7.1-1) unstable; urgency=low * New upstream release * Switched to pybuild * debian/clean - Switched to debian/clean for cleaning instead of using debian/rules * debian/compat - Bumped debhelper compatibility level to 9 * debian/control - Added python-mock to Build-Depends - Bumped debhelper B-D to (>= 9) * debian/copyright - Removed stanza about mimetools_choose_boundary since not shipped anymore * debian/patches/01_do-not-use-embedded-python-six.patch - Refreshed * debian/patches/02_require-cert-verification.patch - Refreshed * debian/patches/04_relax_nosetests_options.patch - Refreshed * debian/patches/05_fix_python3_syntax_error_in_ntlmpool.patch - Removed since fixed upstream * debian/patches/06_fix_abuse_of_match_hostname_for_DoS.patch - Removed since fixed upstream * debian/watch - Switched download URL to https -- Daniele Tricoli Thu, 17 Oct 2013 13:28:10 +0200 python-urllib3 (1.6-2) unstable; urgency=high * debian/patches/06_fix_abuse_of_match_hostname_for_DoS.patch - Added upstream patch to fix possible abuse of ssl.match_hostname() for denial of service using certificates with many wildcards (CVE-2013-2099) (Closes: #709070) Thanks Henri Salo and Jakub Wilk for the report -- Daniele Tricoli Mon, 20 May 2013 19:34:17 +0200 python-urllib3 (1.6-1) unstable; urgency=low [ Jakub Wilk ] * Use canonical URIs for Vcs-* fields. [ Daniele Tricoli ] * New upstream release * Upload to unstable (Closes: #707780) * debian/control - Added python3-six to Build-Depends field - Bumped debhelper dependency to 8.1 for build-{arch,indep} support - Removed python-setuptools from Build-Depends field * debian/copyright - Updated copyright years - Added stanza for urllib3/packages/ordered_dict.py * debian/patches/01_do-not-use-embedded-python-six.patch - Refreshed * debian/patches/02_require-cert-verification.patch - Refreshed * debian/patches/03_no-setuptools.patch - Do not use setuptools * debian/patches/04_relax_nosetests_options.patch - Do not use logging-clear-handlers to see all logging output and disabled cover-min-percentage since it require python-nose (>= 1.3): this way it will be easier to backport python-urllib3 to Wheezy. * debian/patches/05_fix_python3_syntax_error_in_ntlmpool.patch - Fix syntax error 'unicodeescape' codec can't decode bytes in position 130-132 for Python3 -- Daniele Tricoli Sat, 11 May 2013 15:15:38 +0200 python-urllib3 (1.5-1) experimental; urgency=low * New upstream release * debian/control - Bumped Standards-Version to 3.9.4 (no changes needed) * debian/patches/01_do-not-use-embedded-python-six.patch - Refreshed * debian/rules - Run tests only for python2.7 since upstream is using assertRaises() as a context manager -- Daniele Tricoli Fri, 09 Nov 2012 04:23:18 +0100 python-urllib3 (1.3-3) unstable; urgency=low * debian/control - Added ca-certificates to Recommends field * debian/patches/02_require-cert-verification.patch - require SSL certificate validation by default by using CERT_REQUIRED and using the system /etc/ssl/certs/ca-certificates.crt. Thanks to Jamie Strandboge for report and patch (Closes: #686872) -- Daniele Tricoli Mon, 10 Sep 2012 14:33:35 +0200 python-urllib3 (1.3-2) unstable; urgency=low * debian/control - Tightened B-D of python-coverage to >= 3.4 (Closes: #668427) - Fixed typo in python3-urllib3's ${python3:Depends} * debian/patches/01_do-not-use-embedded-python-six.patch - Refreshed * debian/rules - Actually remove the embedded python-six from binary packages - Cleaned .egg-info to build packages twice in a row -- Daniele Tricoli Tue, 17 Apr 2012 21:34:49 +0200 python-urllib3 (1.3-1) unstable; urgency=low * New upstream release * debian/control - Bumped Standards-Version to 3.9.3 (no changes needed) * debian/patches/01_do-not-use-embedded-python-six.patch - Refreshed -- Daniele Tricoli Thu, 29 Mar 2012 02:09:04 +0200 python-urllib3 (1.2.2-1) unstable; urgency=low * Initial release (Closes: #648783) -- Daniele Tricoli Fri, 10 Feb 2012 04:41:11 +0100