Bug#770099: unblock: python-urllib3/1.9.1-3

To: Jonathan Wiltshire <jmw@debian.org>
Cc: 770099@bugs.debian.org
Subject: Bug#770099: unblock: python-urllib3/1.9.1-3
From: Stefano Rivera <stefanor@debian.org>
Date: Fri, 21 Nov 2014 02:34:30 +0200
Message-id: <[🔎] 20141121003430.GS4220@bach.rivera.co.za>
Reply-to: Stefano Rivera <stefanor@debian.org>, 770099@bugs.debian.org
In-reply-to: <[🔎] 20141120222303.GM6216@lupin.home.powdarrmonkey.net>
References: <[🔎] 20141118213507.GA18658@purcell.lan> <[🔎] 20141120222303.GM6216@lupin.home.powdarrmonkey.net>

Hi Jonathan (2014.11.21_00:23:03_+0200)
> Please go ahead.

Looks like Daniele already uploaded 1.9.1-3, with the inclusion of an
additional bug fix - #770246

--- debian/changelog	(revision 31469)
+++ debian/changelog	(working copy)
@@ -1,12 +1,17 @@
-python-urllib3 (1.9.1-3) UNRELEASED; urgency=medium
+python-urllib3 (1.9.1-3) unstable; urgency=medium
 
-  * Team upload.
+  [ Stefano Rivera ]
   * Replace 05_do-not-use-embedded-ssl-match-hostname.patch with
     05_avoid-embedded-ssl-match-hostname.patch. Users may use virtualenv with
-    cPython << 2.7.9 (or Debian python2.7 2.7.8-7). (Closes: 755106, 763389)
+    cPython << 2.7.9 (or Debian python2.7 2.7.8-7). (Closes: #755106, #763389)
 
- -- Stefano Rivera <stefanor@debian.org>  Tue, 18 Nov 2014 12:45:49 -0800
+  [ Daniele Tricoli ]
+  * debian/patches/06_do-not-make-SSLv3-mandatory.patch
+    - Since SSL version 3 is insecure it is supported only if Python
+      supports it. (Closes: #770246)
 
+ -- Daniele Tricoli <eriol@mornie.org>  Thu, 20 Nov 2014 13:17:59 +0100
+
 python-urllib3 (1.9.1-2) unstable; urgency=medium
 
   * debian/control
--- debian/patches/series	(revision 31469)
+++ debian/patches/series	(working copy)
@@ -3,3 +3,4 @@
 03_force_setuptools.patch
 04_relax_nosetests_options.patch
 05_avoid-embedded-ssl-match-hostname.patch
+06_do-not-make-SSLv3-mandatory.patch
--- debian/patches/06_do-not-make-SSLv3-mandatory.patch	(revision 0)
+++ debian/patches/06_do-not-make-SSLv3-mandatory.patch	(revision 31487)
@@ -0,0 +1,25 @@
+Description: Since SSL version 3 is insecure it is supported only if Python
+ supports it. In Debian SSL version 3 is disabled in system Python since
+ 2.7.8-12.
+Author: Daniele Tricoli <eriol@mornie.org>
+Forwarded: https://github.com/shazow/urllib3/issues/487#issuecomment-63805742
+Last/Update: 2014-11-20
+
+--- a/urllib3/contrib/pyopenssl.py
++++ b/urllib3/contrib/pyopenssl.py
+@@ -70,9 +70,14 @@
+ # Map from urllib3 to PyOpenSSL compatible parameter-values.
+ _openssl_versions = {
+     ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
+-    ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
+     ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
+ }
++
++try:
++    _openssl_versions.update({ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD})
++except AttributeError:
++    pass
++
+ _openssl_verify = {
+     ssl.CERT_NONE: OpenSSL.SSL.VERIFY_NONE,
+     ssl.CERT_OPTIONAL: OpenSSL.SSL.VERIFY_PEER,

SR

-- 
Stefano Rivera
  http://tumbleweed.org.za/
  +1 415 683 3272

Reply to:

Follow-Ups:
- Bug#770099: unblock: python-urllib3/1.9.1-3
  - From: Daniele Tricoli <eriol@mornie.org>

References:
- Bug#770099: unblock: python-urllib3/1.9.1-3
  - From: Stefano Rivera <stefanor@debian.org>
- Bug#770099: unblock: python-urllib3/1.9.1-3
  - From: Jonathan Wiltshire <jmw@debian.org>

Prev by Date: Bug#769390: unblock: sane-backends/1.0.24-4
Next by Date: Bug#770414: unblock: gtk+3.0/3.14.5-1
Previous by thread: Bug#770099: unblock: python-urllib3/1.9.1-3
Next by thread: Bug#770099: unblock: python-urllib3/1.9.1-3
Index(es):
- Date
- Thread