Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Dear release managers,

please unblock package python-urllib3 1.3-3.

It fixes an RC bug (security related): #686872

Debdiff is attached.

Many thanks for your consideration.

Kind regards,
Daniele Tricoli

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru python-urllib3-1.3/debian/changelog python-urllib3-1.3/debian/changelog --- python-urllib3-1.3/debian/changelog 2012-04-17 22:53:33.000000000 +0200 +++ python-urllib3-1.3/debian/changelog 2012-09-13 19:15:00.000000000 +0200 @@ -1,3 +1,16 @@ +python-urllib3 (1.3-3) unstable; urgency=low + + * debian/control + - Added ca-certificates to Recommends field + * debian/patches/02_require-cert-verification.patch + - require SSL certificate validation by default by using + CERT_REQUIRED and using the system + /etc/ssl/certs/ca-certificates.crt. + Thanks to Jamie Strandboge for report and patch + (Closes: #686872) + + -- Daniele Tricoli <er...@mornie.org> Mon, 10 Sep 2012 14:33:35 +0200 + python-urllib3 (1.3-2) unstable; urgency=low * debian/control diff -Nru python-urllib3-1.3/debian/control python-urllib3-1.3/debian/control --- python-urllib3-1.3/debian/control 2012-04-17 22:52:35.000000000 +0200 +++ python-urllib3-1.3/debian/control 2012-09-13 18:17:50.000000000 +0200 @@ -25,6 +25,8 @@ ${misc:Depends}, ${python:Depends}, python-six +Recommends: + ca-certificates Description: HTTP library with thread-safe connection pooling for Python urllib3 supports features left out of urllib and urllib2 libraries. . @@ -44,6 +46,8 @@ ${misc:Depends}, ${python3:Depends}, python3-six +Recommends: + ca-certificates Description: HTTP library with thread-safe connection pooling for Python3 urllib3 supports features left out of urllib and urllib2 libraries. . diff -Nru python-urllib3-1.3/debian/patches/02_require-cert-verification.patch python-urllib3-1.3/debian/patches/02_require-cert-verification.patch --- python-urllib3-1.3/debian/patches/02_require-cert-verification.patch 1970-01-01 01:00:00.000000000 +0100 +++ python-urllib3-1.3/debian/patches/02_require-cert-verification.patch 2012-09-13 18:17:50.000000000 +0200 
@@ -0,0 +1,19 @@ +Author: Jamie Strandboge <ja...@canonical.com> +Description: require SSL certificate validation by default by using + CERT_REQUIRED and using the system /etc/ssl/certs/ca-certificates.crt +Bug-Ubuntu: https://launchpad.net/bugs/1047054 +Bug-Debian: http://bugs.debian.org/686872 + +Index: python-urllib3-1.3/urllib3/connectionpool.py +=================================================================== +--- python-urllib3-1.3.orig/urllib3/connectionpool.py 2012-09-06 16:03:50.000000000 -0500 ++++ python-urllib3-1.3/urllib3/connectionpool.py 2012-09-06 16:08:59.000000000 -0500 +@@ -463,7 +463,7 @@ + strict=False, timeout=None, maxsize=1, + block=False, headers=None, + key_file=None, cert_file=None, +- cert_reqs='CERT_NONE', ca_certs=None): ++ cert_reqs='CERT_REQUIRED', ca_certs='/etc/ssl/certs/ca-certificates.crt'): + + super(HTTPSConnectionPool, self).__init__(host, port, + strict, timeout, maxsize, diff -Nru python-urllib3-1.3/debian/patches/series python-urllib3-1.3/debian/patches/series --- python-urllib3-1.3/debian/patches/series 2012-02-10 23:46:21.000000000 +0100 +++ python-urllib3-1.3/debian/patches/series 2012-09-13 18:17:50.000000000 +0200 @@ -1 +1,2 @@ 01_do-not-use-embedded-python-six.patch +02_require-cert-verification.patch
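
Review bot: The new debian/changelog entry for 1.3-3 keeps urgency=low although it closes a security-related RC bug (#686872). Consider raising the urgency, and add a line to the entry saying that the default for HTTPSConnectionPool changes from CERT_NONE to CERT_REQUIRED, so users reading the changelog after an upgrade can connect new certificate failures to this upload.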
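
Review bot: In both debian/control hunks (python-urllib3 and python3-urllib3), ca-certificates is only added to Recommends, while 02_require-cert-verification.patch makes /etc/ssl/certs/ca-certificates.crt the default ca_certs together with CERT_REQUIRED. Recommends can be skipped at install time, which leaves the default pointing at a file that is not there. Consider moving ca-certificates to Depends, or explain in the changelog why Recommends is considered sufficient.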
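
Review bot: In the urllib3/connectionpool.py hunk of 02_require-cert-verification.patch, the new signature line "cert_reqs='CERT_REQUIRED', ca_certs='/etc/ssl/certs/ca-certificates.crt'):" hard-codes a Debian-specific bundle path as the default and changes behaviour for every caller that relied on the old defaults. Failing closed is the right direction for #686872, but callers talking to hosts with self-signed or private-CA certificates now have to pass ca_certs or cert_reqs explicitly, and this is not documented anywhere in the upload. Suggest a NEWS.Debian entry describing the new default and how to supply a different CA bundle. The patch header would also benefit from a Forwarded field stating whether the change was sent upstream.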