diff -Nru python-urllib3-1.9.1/debian/changelog python-urllib3-1.9.1/debian/changelog --- python-urllib3-1.9.1/debian/changelog 2014-11-06 16:41:49.000000000 +0000 +++ python-urllib3-1.9.1/debian/changelog 2014-11-21 00:02:17.000000000 +0000 @@ -1,8 +1,22 @@ -python-urllib3 (1.9.1-2~cloud0) trusty-kilo; urgency=medium +python-urllib3 (1.9.1-3~cloud0) trusty-kilo; urgency=medium - * New package for the Ubuntu Cloud Archive. + * New update for the Ubuntu Cloud Archive. - -- Openstack Ubuntu Testing Bot Thu, 06 Nov 2014 11:41:49 -0500 + -- Openstack Ubuntu Testing Bot Thu, 20 Nov 2014 19:02:17 -0500 + +python-urllib3 (1.9.1-3) unstable; urgency=medium + + [ Stefano Rivera ] + * Replace 05_do-not-use-embedded-ssl-match-hostname.patch with + 05_avoid-embedded-ssl-match-hostname.patch. Users may use virtualenv with + cPython << 2.7.9 (or Debian python2.7 2.7.8-7). (Closes: #755106, #763389) + + [ Daniele Tricoli ] + * debian/patches/06_do-not-make-SSLv3-mandatory.patch + - Since SSL version 3 is insecure it is supported only if Python + supports it. (Closes: #770246) + + -- Daniele Tricoli Thu, 20 Nov 2014 13:17:59 +0100 python-urllib3 (1.9.1-2) unstable; urgency=medium diff -Nru python-urllib3-1.9.1/debian/patches/05_avoid-embedded-ssl-match-hostname.patch python-urllib3-1.9.1/debian/patches/05_avoid-embedded-ssl-match-hostname.patch --- python-urllib3-1.9.1/debian/patches/05_avoid-embedded-ssl-match-hostname.patch 1970-01-01 00:00:00.000000000 +0000 +++ python-urllib3-1.9.1/debian/patches/05_avoid-embedded-ssl-match-hostname.patch 2014-11-20 14:27:13.000000000 +0000 @@ -0,0 +1,22 @@ +Description: Do not use embedded copy of ssl.match_hostname, when possible + The system python has the necessary features backported, since 2.7.8-7 (and + 221a1f9155e2, releasing in 2.7.9, upstream). However, alternative python + implementations don't, yet, and urllib3 is used by pip in virtualenvs. +Author: Stefano Rivera +Forwarded: not-needed +Last-Update: 2014-11-18 + +--- a/urllib3/packages/__init__.py ++++ b/urllib3/packages/__init__.py +@@ -1,4 +1,9 @@ + from __future__ import absolute_import + +-from . import ssl_match_hostname +- ++try: ++ # cPython >= 2.7.9 has ssl features backported from Python3 ++ from ssl import CertificateError ++ del CertificateError ++ import ssl as ssl_match_hostname ++except ImportError: ++ from . import ssl_match_hostname diff -Nru python-urllib3-1.9.1/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch python-urllib3-1.9.1/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch --- python-urllib3-1.9.1/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch 2014-09-23 18:28:38.000000000 +0000 +++ python-urllib3-1.9.1/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,56 +0,0 @@ -Description: Do not use embedded copy of ssl.match_hostname. -Author: Daniele Tricoli -Forwarded: not-needed -Last-Update: 2014-09-23 - ---- a/test/test_connectionpool.py -+++ b/test/test_connectionpool.py -@@ -6,7 +6,7 @@ - HTTPConnectionPool, - ) - from urllib3.util.timeout import Timeout --from urllib3.packages.ssl_match_hostname import CertificateError -+from ssl import CertificateError - from urllib3.exceptions import ( - ClosedPoolError, - EmptyPoolError, ---- a/urllib3/connection.py -+++ b/urllib3/connection.py -@@ -39,7 +39,7 @@ - ConnectTimeoutError, - SystemTimeWarning, - ) --from .packages.ssl_match_hostname import match_hostname -+from ssl import match_hostname - - from .util.ssl_ import ( - resolve_cert_reqs, ---- a/urllib3/connectionpool.py -+++ b/urllib3/connectionpool.py -@@ -26,7 +26,7 @@ - TimeoutError, - InsecureRequestWarning, - ) --from .packages.ssl_match_hostname import CertificateError -+from ssl import CertificateError - import six - from .connection import ( - port_by_scheme, ---- a/urllib3/packages/__init__.py -+++ b/urllib3/packages/__init__.py -@@ -1,4 +1,3 @@ - from __future__ import absolute_import - --from . import ssl_match_hostname - ---- a/setup.py -+++ b/setup.py -@@ -42,7 +42,7 @@ - url='http://urllib3.readthedocs.org/', - license='MIT', - packages=['urllib3', -- 'urllib3.packages', 'urllib3.packages.ssl_match_hostname', -+ 'urllib3.packages', - 'urllib3.contrib', 'urllib3.util', - ], - requires=[], diff -Nru python-urllib3-1.9.1/debian/patches/06_do-not-make-SSLv3-mandatory.patch python-urllib3-1.9.1/debian/patches/06_do-not-make-SSLv3-mandatory.patch --- python-urllib3-1.9.1/debian/patches/06_do-not-make-SSLv3-mandatory.patch 1970-01-01 00:00:00.000000000 +0000 +++ python-urllib3-1.9.1/debian/patches/06_do-not-make-SSLv3-mandatory.patch 2014-11-20 14:27:13.000000000 +0000 @@ -0,0 +1,25 @@ +Description: Since SSL version 3 is insicure it is supported only if Python + supports it. In Debian SSL version 3 is disabled in system Python since + 2.7.8-12. +Author: Daniele Tricoli +Forwarded: https://github.com/shazow/urllib3/issues/487#issuecomment-63805742 +Last/Update: 2014-11-20 + +--- a/urllib3/contrib/pyopenssl.py ++++ b/urllib3/contrib/pyopenssl.py +@@ -70,9 +70,14 @@ + # Map from urllib3 to PyOpenSSL compatible parameter-values. + _openssl_versions = { + ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD, +- ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD, + ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD, + } ++ ++try: ++ _openssl_versions.update({ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD}) ++except AttributeError: ++ pass ++ + _openssl_verify = { + ssl.CERT_NONE: OpenSSL.SSL.VERIFY_NONE, + ssl.CERT_OPTIONAL: OpenSSL.SSL.VERIFY_PEER, diff -Nru python-urllib3-1.9.1/debian/patches/series python-urllib3-1.9.1/debian/patches/series --- python-urllib3-1.9.1/debian/patches/series 2014-09-23 18:28:38.000000000 +0000 +++ python-urllib3-1.9.1/debian/patches/series 2014-11-20 14:27:13.000000000 +0000 @@ -2,4 +2,5 @@ 02_require-cert-verification.patch 03_force_setuptools.patch 04_relax_nosetests_options.patch -05_do-not-use-embedded-ssl-match-hostname.patch +05_avoid-embedded-ssl-match-hostname.patch +06_do-not-make-SSLv3-mandatory.patch