Package: python-urllib3 / 1.26.12-1+deb12u1

Metadata

Package Version Patches format
python-urllib3 1.26.12-1+deb12u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
01_do not use embedded python six.patch | (download)

dummyserver/handlers.py | 6 3 + 3 - 0 !
src/urllib3/_collections.py | 4 2 + 2 - 0 !
src/urllib3/connection.py | 6 3 + 3 - 0 !
src/urllib3/connectionpool.py | 5 3 + 2 - 0 !
src/urllib3/contrib/_securetransport/bindings.py | 2 1 + 1 - 0 !
src/urllib3/contrib/appengine.py | 2 1 + 1 - 0 !
src/urllib3/contrib/ntlmpool.py | 2 1 + 1 - 0 !
src/urllib3/contrib/pyopenssl.py | 2 1 + 1 - 0 !
src/urllib3/exceptions.py | 2 1 + 1 - 0 !
src/urllib3/fields.py | 2 1 + 1 - 0 !
src/urllib3/filepost.py | 4 2 + 2 - 0 !
src/urllib3/poolmanager.py | 4 2 + 2 - 0 !
src/urllib3/request.py | 2 1 + 1 - 0 !
src/urllib3/response.py | 2 1 + 1 - 0 !
src/urllib3/util/connection.py | 5 3 + 2 - 0 !
src/urllib3/util/queue.py | 4 2 + 2 - 0 !
src/urllib3/util/request.py | 2 1 + 1 - 0 !
src/urllib3/util/response.py | 2 1 + 1 - 0 !
src/urllib3/util/retry.py | 2 1 + 1 - 0 !
src/urllib3/util/ssl_.py | 2 1 + 1 - 0 !
src/urllib3/util/ssltransport.py | 2 1 + 1 - 0 !
src/urllib3/util/url.py | 2 1 + 1 - 0 !
test/__init__.py | 2 1 + 1 - 0 !
test/test_collections.py | 2 1 + 1 - 0 !
test/test_compatibility.py | 2 1 + 1 - 0 !
test/test_connectionpool.py | 6 3 + 3 - 0 !
test/test_fields.py | 2 1 + 1 - 0 !
test/test_filepost.py | 2 1 + 1 - 0 !
test/test_queue_monkeypatch.py | 2 1 + 1 - 0 !
test/test_response.py | 2 1 + 1 - 0 !
test/test_retry.py | 4 2 + 2 - 0 !
test/test_retry_deprecated.py | 4 2 + 2 - 0 !
test/test_util.py | 2 1 + 1 - 0 !
test/with_dummyserver/test_connectionpool.py | 4 2 + 2 - 0 !
test/with_dummyserver/test_https.py | 2 1 + 1 - 0 !
test/with_dummyserver/test_socketlevel.py | 2 1 + 1 - 0 !
36 files changed, 53 insertions(+), 51 deletions(-)

 do not use embedded copy of python-six.

02_require cert verification.patch | (download)

src/urllib3/connectionpool.py | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 require ssl certificate validation by default by using

 CERT_REQUIRED and using the system /etc/ssl/certs/ca-certificates.crt
Bug-Ubuntu: https://launchpad.net/bugs/1047054
Bug-Debian: http://bugs.debian.org/686872
CVE 2023 43804.patch | (download)

src/urllib3/util/retry.py | 2 1 + 1 - 0 !
test/test_retry.py | 4 2 + 2 - 0 !
test/test_retry_deprecated.py | 2 1 + 1 - 0 !
test/with_dummyserver/test_poolmanager.py | 24 19 + 5 - 0 !
4 files changed, 23 insertions(+), 9 deletions(-)

 backport ghsa-v845-jxx5-vc9f

Co-authored-by: Quentin Pradet <quentin.pradet@gmail.com>
Co-authored-by: Illia Volochii <illia.volochii@gmail.com>
CVE 2023 45803.patch | (download)

dummyserver/handlers.py | 7 7 + 0 - 0 !
src/urllib3/_collections.py | 18 18 + 0 - 0 !
src/urllib3/connectionpool.py | 5 5 + 0 - 0 !
src/urllib3/poolmanager.py | 7 5 + 2 - 0 !
test/with_dummyserver/test_connectionpool.py | 11 11 + 0 - 0 !
test/with_dummyserver/test_poolmanager.py | 15 15 + 0 - 0 !
6 files changed, 61 insertions(+), 2 deletions(-)

 merge pull request from ghsa-g4mx-q9vg-27p4

CVE 2024 37891.patch | (download)

src/urllib3/util/retry.py | 4 3 + 1 - 0 !
test/test_retry.py | 6 5 + 1 - 0 !
test/test_retry_deprecated.py | 6 5 + 1 - 0 !
test/with_dummyserver/test_poolmanager.py | 26 23 + 3 - 0 !
4 files changed, 36 insertions(+), 6 deletions(-)

 merge pull request from ghsa-34jh-p97f-mpxf

Strip Proxy-Authorization header on redirects