[Python-modules-commits] r32015 - in packages/requests/trunk/debian/patches (4 files)

eriol-guest at users.alioth.debian.org eriol-guest at users.alioth.debian.org
Mon Mar 16 02:53:21 UTC 2015 

    Date: Monday, March 16, 2015 @ 02:53:20
  Author: eriol-guest
Revision: 32015

Revert my fix for #770172 since it is not an RC bug while I need to fix #780506

Added:
  packages/requests/trunk/debian/patches/05_do-not-ascribe-cookies-to-the-target-domain.patch
    (from rev 32014, packages/requests/trunk/debian/patches/06_do-not-ascribe-cookies-to-the-target-domain.patch)
Modified:
  packages/requests/trunk/debian/patches/series
Deleted:
  packages/requests/trunk/debian/patches/05_do-not-make-SSLv3-mandatory.patch
  packages/requests/trunk/debian/patches/06_do-not-ascribe-cookies-to-the-target-domain.patch

Copied: packages/requests/trunk/debian/patches/05_do-not-ascribe-cookies-to-the-target-domain.patch (from rev 32014, packages/requests/trunk/debian/patches/06_do-not-ascribe-cookies-to-the-target-domain.patch)
===================================================================
--- packages/requests/trunk/debian/patches/05_do-not-ascribe-cookies-to-the-target-domain.patch	                        (rev 0)
+++ packages/requests/trunk/debian/patches/05_do-not-ascribe-cookies-to-the-target-domain.patch	2015-03-16 02:53:20 UTC (rev 32015)
@@ -0,0 +1,17 @@
+Description: Session fixation and cookie stealing.
+ See http://www.openwall.com/lists/oss-security/2015/03/14/4 for a complete
+ description.
+Origin: https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
+Bug-Debian: https://bugs.debian.org/780506
+
+--- a/requests/sessions.py
++++ b/requests/sessions.py
+@@ -168,7 +168,7 @@
+             except KeyError:
+                 pass
+ 
+-            extract_cookies_to_jar(prepared_request._cookies, prepared_request, resp.raw)
++            extract_cookies_to_jar(prepared_request._cookies, req, resp.raw)
+             prepared_request._cookies.update(self.cookies)
+             prepared_request.prepare_cookies(prepared_request._cookies)
+ 

Deleted: packages/requests/trunk/debian/patches/05_do-not-make-SSLv3-mandatory.patch
===================================================================
--- packages/requests/trunk/debian/patches/05_do-not-make-SSLv3-mandatory.patch	2015-03-16 01:01:45 UTC (rev 32014)
+++ packages/requests/trunk/debian/patches/05_do-not-make-SSLv3-mandatory.patch	2015-03-16 02:53:20 UTC (rev 32015)
@@ -1,25 +0,0 @@
-Description: Since SSL version 3 is insecure it is supported only if Python
- supports it. In Debian SSL version 3 is disabled in system Python since
- 2.7.8-12.
-Author: Daniele Tricoli <eriol at mornie.org>
-Forwarded: https://github.com/shazow/urllib3/issues/487#issuecomment-63805742
-Last/Update: 2014-11-20
-
---- a/requests/packages/urllib3/contrib/pyopenssl.py
-+++ b/requests/packages/urllib3/contrib/pyopenssl.py
-@@ -70,9 +70,14 @@
- # Map from urllib3 to PyOpenSSL compatible parameter-values.
- _openssl_versions = {
-     ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
--    ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
-     ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
- }
-+
-+try:
-+    _openssl_versions.update({ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD})
-+except AttributeError:
-+    pass
-+
- _openssl_verify = {
-     ssl.CERT_NONE: OpenSSL.SSL.VERIFY_NONE,
-     ssl.CERT_OPTIONAL: OpenSSL.SSL.VERIFY_PEER,

Deleted: packages/requests/trunk/debian/patches/06_do-not-ascribe-cookies-to-the-target-domain.patch
===================================================================
--- packages/requests/trunk/debian/patches/06_do-not-ascribe-cookies-to-the-target-domain.patch	2015-03-16 01:01:45 UTC (rev 32014)
+++ packages/requests/trunk/debian/patches/06_do-not-ascribe-cookies-to-the-target-domain.patch	2015-03-16 02:53:20 UTC (rev 32015)
@@ -1,17 +0,0 @@
-Description: Session fixation and cookie stealing.
- See http://www.openwall.com/lists/oss-security/2015/03/14/4 for a complete
- description.
-Origin: https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
-Bug-Debian: https://bugs.debian.org/780506
-
---- a/requests/sessions.py
-+++ b/requests/sessions.py
-@@ -168,7 +168,7 @@
-             except KeyError:
-                 pass
- 
--            extract_cookies_to_jar(prepared_request._cookies, prepared_request, resp.raw)
-+            extract_cookies_to_jar(prepared_request._cookies, req, resp.raw)
-             prepared_request._cookies.update(self.cookies)
-             prepared_request.prepare_cookies(prepared_request._cookies)
- 

Modified: packages/requests/trunk/debian/patches/series
===================================================================
--- packages/requests/trunk/debian/patches/series	2015-03-16 01:01:45 UTC (rev 32014)
+++ packages/requests/trunk/debian/patches/series	2015-03-16 02:53:20 UTC (rev 32015)
@@ -2,5 +2,4 @@
 02_use-system-chardet-and-urllib3.patch
 03_export-IncompleteRead.patch
 04_make-requests.packages.urllib3-same-as-urllib3.patch
-05_do-not-make-SSLv3-mandatory.patch
-06_do-not-ascribe-cookies-to-the-target-domain.patch
+05_do-not-ascribe-cookies-to-the-target-domain.patch

More information about the Python-modules-commits mailing list