Packages changed: grub2 iputils kexec-tools (2.0.18 -> 2.0.19) openssl (1.1.1b -> 1.1.1c) openssl-1_1 (1.1.1b -> 1.1.1c) python-Babel (2.6.0 -> 2.7.0) python-cryptography (2.6.1 -> 2.7) python-pycryptodome (3.8.1 -> 3.8.2) python-rpm-macros (20190430.5260267 -> 20190610.2ee3233) python-six python-urllib3 (1.24.2 -> 1.25.3) python3 (3.7.2 -> 3.7.3) python3-base (3.7.2 -> 3.7.3) salt systemd-presets-branding-MicroOS zstd === Details === ==== grub2 ==== Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi - Avoid high resolution when trying to keep current mode (bsc#1133842) * grub2-video-limit-the-resolution-for-fixed-bimap-font.patch - Make GRUB_SAVEDEFAULT working with btrfs (bsc#1128592) * grub2-grubenv-in-btrfs-header.patch ==== iputils ==== - Add patch ping-Fix-unwanted-bell-on-unreachable-address.patch (boo#1135118) ==== kexec-tools ==== Version update (2.0.18 -> 2.0.19) - Bump to version 2.0.19 Changelog: http://git.kernel.org/cgit/utils/kernel/kexec/kexec-tools.git/log/?id=refs/tags/v2.0.18..v2.0.19 ==== openssl ==== Version update (1.1.1b -> 1.1.1c) - Update to 1.1.1c release ==== openssl-1_1 ==== Version update (1.1.1b -> 1.1.1c) Subpackages: libopenssl1_1 - Use upstream patch for the locale crash (bsc#1135550) * https://github.com/openssl/openssl/pull/8966 - delete openssl-fix_underflow_in_errstr_handling.patch - add 0001-build_SYS_str_reasons-Fix-a-crash-caused-by-overlong.patch - Add s390x vectorized support for ChaCha20 and Poly1305 (jsc#SLE-6126, jsc#SLE-6129) * 0001-s390x-assembly-pack-perlasm-support.patch * 0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch * 0003-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch * 0004-s390x-assembly-pack-fix-formal-interface-bug-in-chac.patch * 0005-s390x-assembly-pack-import-chacha-from-cryptogams-re.patch * 0006-s390x-assembly-pack-import-poly-from-cryptogams-repo.patch - delete 0001-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch - Update to 1.1.1c (bsc#1133925, jsc#SLE-6430) * Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543) ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. * Add build tests for C++. These are generated files that only do one thing, to include one public OpenSSL head file each. This tests that the public header files can be usefully included in a C++ application. * Enable SHA3 pre-hashing for ECDSA and DSA. * Change the default RSA, DSA and DH size to 2048 bit instead of 1024. This changes the size when using the genpkey app when no size is given. It fixes an omission in earlier changes that changed all RSA, DSA and DH generation apps to use 2048 bits by default. * Reorganize the manual pages to consistently have RETURN VALUES, EXAMPLES, SEE ALSO and HISTORY come in that order, and adjust util/fix-doc-nits accordingly. * Add the missing accessor EVP_PKEY_get0_engine() * Have apps like 's_client' and 's_server' output the signature scheme along with other cipher suite parameters when debugging. * Make OPENSSL_config() error agnostic again. * Do the error handling in RSA decryption constant time. * Ensure that SM2 only uses SM3 as digest algorithm - drop upstreamed patches: * openssl-fix-handling-of-GNU-strerror_r.patch * 0001-Fix-for-BIO_get_mem_ptr-and-related-regressions.patch - update keyring by including Richard Levitte's key ==== python-Babel ==== Version update (2.6.0 -> 2.7.0) - version update to 2.7.0 Possibly incompatible changes * General: Internal uses of ``babel.util.odict`` have been replaced with ``collections.OrderedDict`` from The Python standard library. Improvements * CLDR: Upgrade to CLDR 35.1 - Alberto Mardegan, Aarni Koskela (#626, #643) * General: allow anchoring path patterns to the start of a string - Brian Cappello (#600) * General: Bumped version requirement on pytz - @chrisbrake (#592) * Messages: `pybabel compile`: exit with code 1 if errors were encountered - Aarni Koskela (#647) * Messages: Add omit-header to update_catalog - Cédric Krier (#633) * Messages: Catalog update: keep user comments from destination by default - Aarni Koskela (#648) * Messages: Skip empty message when writing mo file - Cédric Krier (#564) * Messages: Small fixes to avoid crashes on badly formatted .po files - Bryn Truscott (#597) * Numbers: `parse_decimal()` `strict` argument and `suggestions` - Charly C (#590) * Numbers: don't repeat suggestions in parse_decimal strict - Serban Constantin (#599) * Numbers: implement currency formatting with long display names - Luke Plant (#585) * Numbers: parse_decimal(): assume spaces are equivalent to non-breaking spaces when not in strict mode - Aarni Koskela (#649) * Performance: Cache locale_identifiers() - Aarni Koskela (#644) Bugfixes * CLDR: Skip alt=... for week data (minDays, firstDay, weekendStart, weekendEnd) - Aarni Koskela (#634) * Dates: Fix wrong weeknumber for 31.12.2018 - BT-sschmid (#621) * Locale: Avoid KeyError trying to get data on WindowsXP - mondeja (#604) * Locale: get_display_name(): Don't attempt to concatenate variant information to None - Aarni Koskela (#645) * Messages: pofile: Add comparison operators to _NormalizedString - Aarni Koskela (#646) * Messages: pofile: don't crash when message.locations can't be sorted - Aarni Koskela (#646) ==== python-cryptography ==== Version update (2.6.1 -> 2.7) - update to 2.7 * BACKWARDS INCOMPATIBLE: Removed the cryptography.hazmat.primitives.mac.MACContext interface. The CMAC and HMAC APIs have not changed, but they are no longer registered as MACContext instances. * Removed support for running our tests with setup.py test. * Add support for :class:`~cryptography.hazmat.primitives.poly1305.Poly1305` when using OpenSSL 1.1.1 or newer. * Support serialization with Encoding.OpenSSH and PublicFormat.OpenSSH in :meth:`Ed25519PublicKey.public_bytes ` . * Correctly allow passing a SubjectKeyIdentifier to :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier` and deprecate passing an Extension object. - Simplify the test execution to be more understandable ==== python-pycryptodome ==== Version update (3.8.1 -> 3.8.2) - Update Source to point to github. - Update to 3.8.2 * GH#291: fix strict aliasing problem, emerged with GCC 9.1. ==== python-rpm-macros ==== Version update (20190430.5260267 -> 20190610.2ee3233) - Update to version 20190610.2ee3233: * Fix typo, missing opening brace. * Add the first draft of pyproject_wheel and pyproject_install macros. * Yet another attempt to preserve $PYTHONPATH set in the environment. * Document also %pytest_arch * Document %pytest in README.md * Multiline macros don't work correctly on older RPMs. * Add missing $ expansion on the pytest call * Rewrite pytest and pytest_arch into Lua macros with multiple arguments. * We should preserve existing PYTHONPATH. * Add --ignore to pytest calls to ignore build directories. - Update to version 20190610.2ee3233: * Fix typo, missing opening brace. - Update to version 20190511.2ed22b6: * Add the first draft of pyproject_wheel and pyproject_install macros. ==== python-six ==== - Fix pytest call - Fixdocumentation package generating ==== python-urllib3 ==== Version update (1.24.2 -> 1.25.3) - Fixup pre script: the migration issue happens when changing from python-urllib3 to python2-urllib3: the number of installed instances of python2-urlliib3 is at this moment 1, unlike in regular updates. This is due to a name change, which consists not of a pure package update. - Provides/Obsoletes does not fix the issue: we have a directory-to-symlink switch, which cannot be handled by RPM internally. Assist using pre script (boo#1138715). - Fix Upgrade from Leap 42.1/42.2 by adding Obsoletes/Provides: python-urllib3, fixes boo#1138746 - Skip test_source_address_error as we raise different error with fixes that we provide in new python2/3 - Add more test to skip as with new openssl some behaviour changed and we can't rely on them anymore - Unbundle the six, rfc3986, and backports.ssl_match_hostname - Update to 1.25.3: * Change HTTPSConnection to load system CA certificates when ca_certs, ca_cert_dir, and ssl_context are unspecified. (Pull #1608, Issue #1603) * Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605) - Update to 1.25.2: * Change is_ipaddress to not detect IPvFuture addresses. (Pull #1583) * Change parse_url to percent-encode invalid characters within the path, query, and target components. (Pull #1586) * Add support for Google's Brotli package. (Pull #1572, Pull #1579) * Upgrade bundled rfc3986 to v1.3.1 (Pull #1578) - Require all the deps from the secure list rather than Recommend. This makes the check to be run always and ensure the urls are "secure". - Remove ndg-httpsclient as it is not needed since 2015 - Add missing dependency on brotlipy - Fix the tests to pass again - update to 1.25 (bsc#1132663, CVE-2019-11236): * Require and validate certificates by default when using HTTPS * Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant. * Added support for ``key_password`` for ``HTTPSConnectionPool`` to use encrypted ``key_file`` without creating your own ``SSLContext`` object. * Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext`` implementations. (Pull #1496) * Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft. * Fixed issue where OpenSSL would block if an encrypted client private key was given and no password was given. Instead an ``SSLError`` is raised. * Added support for Brotli content encoding. It is enabled automatically if ``brotlipy`` package is installed which can be requested with ``urllib3[brotli]`` extra. * Drop ciphers using DSS key exchange from default TLS cipher suites. Improve default ciphers when using SecureTransport. * Implemented a more efficient ``HTTPResponse.__iter__()`` method. - Drop urllib3-test-ssl-drop-sslv3.patch . No longer needed - Update to 1.24.2: - Implemented a more efficient HTTPResponse.__iter__() method. (Issue #1483) - Upgraded urllib3.utils.parse_url() to be RFC 3986 compliant. (Pull #1487) - Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510) - Added support for key_password for HTTPSConnectionPool to use encrypted key_file without creating your own SSLContext object. (Pull #1489) - Fixed issue where OpenSSL would block if an encrypted client private key was given and no password was given. Instead an SSLError is raised. (Pull #1489) - Require and validate certificates by default when using HTTPS (Pull #1507) - Added support for Brotli content encoding. It is enabled automatically if brotlipy package is installed which can be requested with urllib3[brotli] extra. (Pull #1532) - Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport SSLContext implementations. (Pull #1496) - Drop ciphers using DSS key exchange from default TLS cipher suites. Improve default ciphers when using SecureTransport. (Pull #1496) - Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269) - Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft. (Issue #303, PR #1492) - Update to 1.24.1: * Remove quadratic behavior within GzipDecoder.decompress() (Issue #1467) * Restored functionality of ciphers parameter for create_urllib3_context(). (Issue #1462) - Update to 1.24: * Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449) * Test against Python 3.7 on AppVeyor. (Pull #1453) * Early-out ipv6 checks when running on App Engine. (Pull #1450) * Change ambiguous description of backoff_factor (Pull #1436) * Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442) * Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405). * Add a server_hostname parameter to HTTPSConnection which allows for overriding the SNI hostname sent in the handshake. (Pull #1397) * Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430) * Fixed bug where responses with header Content-Type: message/* erroneously raised HeaderParsingError, resulting in a warning being logged. (Pull #1439) * Move urllib3 to src/urllib3 (Pull #1409) - Drop patch 1414.patch merged upstream - Refresh patches: * python-urllib3-recent-date.patch * urllib3-ssl-default-context.patch - Switch to multibuild to minize requirements for providing urllib3 module. - fix dependency again for passing tests for python 2.x - Do not use ifpython2 for BRs where it does not work - add python-ipaddress dependency for python 2.x - Drop not needed devel and nose deps - update to 1.23 - add 1414.patch - fix tests with new tornado - refresh python-urllib3-recent-date.patch - drop urllib3-test-no-coverage.patch * Allow providing a list of headers to strip from requests when redirecting to a different host. Defaults to the Authorization header. Different headers can be set via Retry.remove_headers_on_redirect. * Fix util.selectors._fileobj_to_fd to accept long * Dropped Python 3.3 support. * Put the connection back in the pool when calling stream() or read_chunked() on a chunked HEAD response. * Fixed pyOpenSSL-specific ssl client authentication issue when clients attempted to auth via certificate + chain * Add the port to the connectionpool connect print * Don't use the uuid module to create multipart data boundaries. * read_chunked() on a closed response returns no chunks. * Add Python 2.6 support to contrib.securetransport * Added support for auth info in url for SOCKS proxy - Allows Recommends and Suggest in Fedora - Recommends only for SUSE - disable more flaky tests specifically for PowerPC - Add python-urllib3-recent-date.patch: Fix test suite, use correct date (gh#shazow/urllib3#1303, boo#1074247). - use python3 for detection, in anticipation of python2 removal - Disable tests that timeout - update to 1.22: * Fixed missing brackets in ``HTTP CONNECT`` when connecting to IPv6 address via IPv6 proxy. (Issue #1222) * Made the connection pool retry on ``SSLError``. The original ``SSLError`` is available on ``MaxRetryError.reason``. (Issue #1112) * Drain and release connection before recursing on retry/redirect. Fixes deadlocks with a blocking connectionpool. (Issue #1167) * Fixed compatibility for cookiejar. (Issue #1229) * pyopenssl: Use vendored version of ``six``. (Issue #1231) - use pytest for running the tests. That is what upstream is doing - update to 1.21.1: * Fixed SecureTransport issue that would cause long delays in response body delivery. (Pull #1154) * Fixed regression in 1.21 that threw exceptions when users passed the ``socket_options`` flag to the ``PoolManager``. (Issue #1165) * Fixed regression in 1.21 that threw exceptions when users passed the ``assert_hostname`` or ``assert_fingerprint`` flag to the ``PoolManager``. * Improved performance of certain selector system calls on Python 3.5 and later. (Pull #1095) * Resolved issue where the PyOpenSSL backend would not wrap SysCallError exceptions appropriately when sending data. (Pull #1125) * Selectors now detects a monkey-patched select module after import for modules that patch the select module like eventlet, greenlet. (Pull #1128) * Reduced memory consumption when streaming zlib-compressed responses (as opposed to raw deflate streams). (Pull #1129) * Connection pools now use the entire request context when constructing the pool key. (Pull #1016) * ``PoolManager.connection_from_*`` methods now accept a new keyword argument, ``pool_kwargs``, which are merged with the existing ``connection_pool_kw``. * Add retry counter for ``status_forcelist``. (Issue #1147) * Added ``contrib`` module for using SecureTransport on macOS: ``urllib3.contrib.securetransport``. (Pull #1122) * urllib3 now only normalizes the case of ``http://`` and ``https://`` schemes: for schemes it does not recognise, it assumes they are case-sensitive and leaves them unchanged. - Relax python-nose version requirement on SLE 12 (fate#321630) - merge python3 modifications - update for multipython build - update to 1.20: * Added support for waiting for I/O using selectors other than select, improving urllib3?s behaviour with large numbers of concurrent connections. (Pull #1001) * Updated the date for the system clock check. (Issue #1005) * ConnectionPools now correctly consider hostnames to be case-insensitive. (Issue #1032) * Outdated versions of PyOpenSSL now cause the PyOpenSSL contrib module to fail when it is injected, rather than at first use. (Pull #1063) * Outdated versions of cryptography now cause the PyOpenSSL contrib module to fail when it is injected, rather than at first use. (Issue #1044) * Automatically attempt to rewind a file-like body object when a request is retried or redirected. (Pull #1039) * Fix some bugs that occur when modules incautiously patch the queue module. (Pull #1061) * Prevent retries from occuring on read timeouts for which the request method was not in the method whitelist. (Issue #1059) * Changed the PyOpenSSL contrib module to lazily load idna to avoid unnecessarily bloating the memory of programs that don?t need it. (Pull #1076) * Add support for IPv6 literals with zone identifiers. (Pull #1013) * Added support for socks5h:// and socks4a:// schemes when working with SOCKS proxies, and controlled remote DNS appropriately. (Issue #1035) update to version 1.19.1 * Forgot to mention #955. * Starting o the user guide. * Add ipaddress marker to setup.cfg. * CHANGES for #897 * Version added 1.17 * Change debug level to 'debug' to match ConnectionPool * Moving some stuff to advanced usage. * Ignore only the unused import error * Uniform checks. * Add test for past date in Retry-After header * Adding all reference docs * Ok, I just gotta see what's going on here. * Adding app engine docs * Keep using the good OpenSSL * Adding timeout section * Removing absolute import in NTLMPool * Use the good OpenSSL. * Small pass at contributing * parse_url: Disallow non-integer digits explicitly in port numbers * Fixup some whitespace. * Updating copy on landing page. * Fix flake8 E305 errors * Use OS default certs when possible * Fleshing out user guide. * Fallback to the vendored ipaddress module. * Updating intersphinx to python 3.4 * Seems like version mismatch is the issue. * Improve the cipher suite comment * Retry backoff time is calculated only from the last consecutive errors sequence * Fix a typo in the user guide documentation * Update docs guide with new dependencies * Tests for #979 * Remove HIGH cipher suites as well. * Adding SSL verification section to user guide. * More CHANGES * Changes for #1017 * Changelog for #1009. * Vendor a backport of the ipaddress module. * CHANGES for 1.19 * Fixed typos * Revert "Fallback to the vendored ipaddress module." * Use "with" to close more files eagerly and also on error * Addressing review comments * First stab at the new index page * Removing unneeded scratch file. * Fixing some references * Moving some stuff around. * CR fixes * Remove 100% requirement from nosetests. * Try using codecov * Remove absolute import. * Split ciphers up to individual lines. * add warning when timeout without total is used on App Engine * We don't want a sad @haikuginger * RequestHistory is a namedtuple instance. * I wonder if we're missing this. * Switching to alabaster theme * Prefer user-supplied host headers. * Try shoving it in tox.ini * Add include=urllib3/* to prevent core module coverage through six.moves * Pointing flake8 specifically at the urllib3 package * CHANGES for #955 * Sorry PyPy. * Add support for ChaCha20. * Make Travis CI fail if docs have warnings or errors * Added CHANGES entry * Test with OpenSSL 1.1 on Mac. * Backport Python 3.5 match_hostname function. * Wrap lines to under 99 chars * Moving docs creation into tox * Gotta use the pyenv everywhere. * Explicitly check if a value in a multipart header is None instead of just a falsy value * Move to a more complex bit of idna handling. * Make codecov enforce 100% coverage. * Error if GAE_PYTHONPATH is not set when running make test-gae * Changes for #258. * adding length_remaining functionality to HTTPResponse * test TLSv1 instead of SSLv3 * fixing infinite loop when stream(None) called * Adding proxy section * Don't forget setup.cfg * Removing TODO * add changelog for #978 * Stop testing our parsing via TLS failure. * CHANGES for #928 * Add support for OS X. * While I'm shotgun debugging. * Merging new release version: 1.19.1 * Clean up some bugs. * Support date in Retry-After header * Defer to URLFetch's default timeout instead of hard coding 5s. * Update Travis PyPy testing to 5.4 * Remove 3DES support. * Seems like Python 2.6 doesn't like -m pip * Adding logging and exceptions. * changing conditional order to prefer isclosed over closed * Have the 'secure' flag install ipaddress. * Respect Retry-After header for redirection * Respect Retry-After header * Correct the import of urljoin for Python 3 * use dunder slots for Url class slots variable * Update README.rst to better reflect new documentation. * Allow PyPy 5.3 to fail * updating CHANGES and CONTRIBUTORS * Clarifying a few things. * Revert "Remove ipaddress marker." * Fix GAE_PYTHONPATH error in Makefile * Removing symlinks from dummyserver certs to fix test suite on Windows * adding in exception for booleans and zero values in timeouts * CHANGES for #930 * add domain and method aware logging to connectionpool (#897) * Add release note about #941 (#943) * Make HTTPResponse.stream() work with file-like body of non-HTTPResponse type (eg StringIO) * Use HTTPException, LifoQueue, Empty, and Full from six * CHANGES for #858 and #887 * Updating links to SSL warning help page. Fixes #918 * More alabaster customizations, starting on TOC * CHANGES for #835 * It's possible but unlikely that we need combine * We actually require cryptography-based PyOpenSSL now. * PySocks 1.5.7 causes problems with IPv6. * fixing socks and ssl docstrings. * Fix doc syntax in user-guide.rst * Urllib3 -> urllib3 * Removing uneeded files. * Dear tox: plz propagate env vars. Thanks. * Favour our own match_hostname over old versions. * Bow before our fruit overlords. * enforce_content_length for incrementally read responses * fixing incorrect message for IncompleteRead * Update setup.cfg * Changelog for #986. * Spelling fixes * Line breaks. * Adding docs/requirements.txt for readthedocs. * CHANGES for #989. * Normalize the scheme and host in the URL parser * Update changes for 1.17 * Changes for #979 * Changelog update for #947. * Update connectionpool.py * Make BodyNotHttplibCompatible inherit from HttpError, urllib3's base exception class, only * Update changes for 1.18 * Update PyOpenSSL to not use ndg-httpsclient or pyasn1 * Retry history changed from list to tuple * Add a cert with IP SAN and test for it. * parse_retry_after: Disallow non-integer digits, allow whitespace * Add failing test for #1009. * Remove markers from setup.py. * Use Travis supplied PyPy 5.3 * Support retry for 413, 429 and 503 status code * Remove ipaddress marker. * Revert "Vendor a backport of the ipaddress module." * Adding retry section * CVE-2016-9015: Correct set verify flags. * Update CHANGES.rst for #911 * Tests for case-insensitivity in the scheme and host * Add changelog for #967. * Try updating setuptools. * Updating flake8 locations * Forward-port 1.18.1 changelog. * Update [secure] extra. * Add more advanced usage docs * CHANGES for #990 * [contrib/pyopenssl] remove unused ssl_wrap_socket * Import more from six - update to 1.16: * Disable IPv6 DNS when IPv6 connections are not possible. (Issue #840) * Provide ``key_fn_by_scheme`` pool keying mechanism that can be overridden. (Issue #830) * Normalize scheme and host to lowercase for pool keys, and include ``source_address``. (Issue #830) * Cleaner exception chain in Python 3 for ``_make_request``. (Issue #861) * Fixed installing ``urllib3[socks]`` extra. (Issue #864) * Fixed signature of ``ConnectionPool.close`` so it can actually safely be called by subclasses. (Issue #873) * Retain ``release_conn`` state across retries. (Issues #651, #866) * Add customizable ``HTTPConnectionPool.ResponseCls``, which defaults to ``HTTPResponse`` but can be replaced with a subclass. (Issue #879) - Use pypi.io as Source url - update to 1.15.1: * Fix packaging to include backports module. (Issue #841) * Added Retry(raise_on_status=False). (Issue #720) * Always use setuptools, no more distutils fallback. (Issue #785) * Dropped support for Python 3.2. (Issue #786) * Chunked transfer encoding when requesting with ``chunked=True``. * Fixed regression with IPv6 port parsing. (Issue #801) * Append SNIMissingWarning messages to allow users to specify it in the PYTHONWARNINGS environment variable. (Issue #816) * Handle unicode headers in Py2. (Issue #818) * Log certificate when there is a hostname mismatch. (Issue #820) * Preserve order of request/response headers. (Issue #821) - change Requires on pyopenssl, pyasn1 into Recommends, add ndg-httpsclient as well (these are dependencies of urrlib3's pyopenssl module, which can be used if native python's ssl capabilities are not good enough) - Update 1.14 source tar.gz from the source * Rebase urllib3-test-no-coverage.patch - Update to Version 1.14 (2015-12-29) * contrib: SOCKS proxy support! (Issue #762) * Fixed AppEngine handling of transfer-encoding header and bug in Timeout defaults checking. (Issue #763) - Update to Version 1.13.1 (2015-12-18) * Fixed regression in IPv6 + SSL for match_hostname. (Issue #761) - Update to Version 1.13 (2015-12-14) * Fixed pip install urllib3[secure] on modern pip. (Issue #706) * pyopenssl: Fixed SSL3_WRITE_PENDING error. (Issue #717) * pyopenssl: Support for TLSv1.1 and TLSv1.2. (Issue #696) * Close connections more defensively on exception. (Issue #734) * Adjusted read_chunked to handle gzipped, chunk-encoded bodies without repeatedly flushing the decoder, to function better on Jython. (Issue #743) * Accept ca_cert_dir for SSL-related PoolManager configuration. (Issue #758) - removed ready-event.patch: applied upstream - disabled more dysfunctional tests - restored ability to build with openSUSE <= 13.2 - removed python-certifi dependency, we don't want to use it - drop 0001-Don-t-pin-dependency-to-exact-version.patch because it's not needed anymore - re-enable tests, re-add relevant dependencies * don't exclude test_util.py * exclude proxy timeout tests that fail for spurious reasons - urllib3-ssl-default-context.patch - use set_default_verify_paths() if no certificate path specified and verification not explicitly disabled - urllib3-test-ssl-drop-sslv3.patch - don't use "SSLv3" constants in python 2.7.9 and up - ready-event.patch - fix race conditions in timeout tests - drop %pre section because apparently "egg-info as file" is no longer true and this breaks builds - Delete the system egg-info during pre phase: older versions of the package installed it as a directory, the latest update creates a file, and rpm has known issues with replacing this. - add python-pyOpenSSL, python-certifi and python-pyasn1 requirements - Comment out test requirements, as tests are disabled anyway, and one of these packages depend on python-requests, which depends on this package resulting in a circular dependency for openSUSE <= 13.1 - Update to version 1.12 * Rely on six for importing httplib to work around conflicts with other Python 3 shims. (Issue #688) * Add support for directories of certificate authorities, as supported by OpenSSL. (Issue #701) * New exception: NewConnectionError, raised when we fail to establish a new connection, usually ECONNREFUSED socket error. - Fix version dependencies - Add new build requirements following upstream changes * python-nose-exclude * python-tox * python-twine * python-wheel - Update 0001-Don-t-pin-dependency-to-exact-version.patch - Disable tests for now, as there require network ==== python3 ==== Version update (3.7.2 -> 3.7.3) - Set _lto_cflags to nil as the package is using LTO via --enable-lto. That will prevent to propage LTO for Python modules that are built in a separate package. - bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch Address the issue by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause a ValueError to be raised. - Fix metadata of patches. - Rename boo1071941-make-install-in-sep-loc.patch to 00251-change-user-install-location.patch which is the original name, so it can be looked up in the Fedora VCS. - Mark distutils bdist_wininst command unsupported with 00316-mark-bdist_wininst-unsupported.patch - Remove Windows bdist_wininst executables from runtime package - Update to 3.7.3, which is the maintenance release without any significant changes in API. - Updated patches: - CVE-2019-5010-null-defer-x509-cert-DOS.patch - distutils-reproducible-compile.patch - python-3.3.0b1-fix_date_time_compiler.patch - python-3.6.0-multilib.patch - raise_SIGING_not_handled.patch - Remove building of Qt Develop help files. ==== python3-base ==== Version update (3.7.2 -> 3.7.3) Subpackages: libpython3_7m1_0 - Set _lto_cflags to nil as the package is using LTO via --enable-lto. That will prevent to propage LTO for Python modules that are built in a separate package. - bsc#1130840 (CVE-2019-9947): add CVE-2019-9947-no-ctrl-char-http.patch Address the issue by disallowing URL paths with embedded whitespace or control characters through into the underlying http client request. Such potentially malicious header injection URLs now cause a ValueError to be raised. - Fix metadata of patches. - Rename boo1071941-make-install-in-sep-loc.patch to 00251-change-user-install-location.patch which is the original name, so it can be looked up in the Fedora VCS. - Mark distutils bdist_wininst command unsupported with 00316-mark-bdist_wininst-unsupported.patch - Remove Windows bdist_wininst executables from runtime package - Update to 3.7.3, which is the maintenance release without any significant changes in API. - Updated patches: - CVE-2019-5010-null-defer-x509-cert-DOS.patch - distutils-reproducible-compile.patch - python-3.3.0b1-fix_date_time_compiler.patch - python-3.6.0-multilib.patch - raise_SIGING_not_handled.patch ==== salt ==== Subpackages: python3-salt salt-master salt-minion - Fix zypper pkg.list_pkgs test expectation and dpkg mocking - Added: * fix-zypper-pkg.list_pkgs-expectation-and-dpkg-mockin.patch - Set 'salt' group for files and directories created by salt-standalone-formulas-configuration package - Various fixes for virt module - Fix virt.volume_infos raising an exception when there is only virtual machine on the minion. - Fix virt.purge() on all non-KVM hypervisors. For instance on Xen, virt.purge would simply throw an exception about unsupported flag - Building a libvirt pool starts it. When defining a new pool, we need to let build start it or we will get libvirt errors. - Fix handling of Virtual Machines with white space in their name. - Added: * virt.pool_running-fix-pool-start.patch * virt-handle-whitespaces-in-vm-names.patch * virt.volume_infos-fix-for-single-vm.patch * try-except-undefineflags-as-this-operation-is-not-su.patch - avoid batch.py exception when minion does not respond (bsc#1135507) - Added: * batch.py-avoid-exception-when-minion-does-not-respon.patch - Preserve already defined DESTRUCTIVE_TESTS and EXPENSIVE_TESTS env variables - Added: * preserve-already-defined-destructive_tests-and-expen.patch - Do not break repo files with multiple line values on yumpkg (bsc#1135360) - Added: * do-not-break-repo-files-with-multiple-line-values-on.patch ==== systemd-presets-branding-MicroOS ==== - BuildRequire pkgconfig(systemd) instead of systemd: allow OBS to shortcut the build queues by allowing usage of systemd-mini ==== zstd ==== - Remove googletest-devel BuildRequires and pzstd-global-gtest.patch because we want zstd in ring0 (due to rpm's zstd payload support) Since googletest is only used in build time (it's for testing after all), this should be fine.