clone 770157 -1
reassign -1 src:requests
tags -1 + patch
thanks
please find attached a patch which doesn't make requests rely on sslv3.
On 11/19/2014 10:18 AM, Estevo Paz wrote:
Package: libpython2.7-stdlib
Version: 2.7.8-12
Severity: grave
--- Please enter the report below this line. ---
ipython session:
In [7]: import requests
---------------------------------------------------------------------------
AttributeError Traceback (most recent call last)
<ipython-input-7-686486c241c8> in <module>()
----> 1 import requests
/usr/lib/python2.7/dist-packages/requests/__init__.py in <module>()
66 sys.modules[where + '.' + name] = module
67
---> 68 _attach_namespace(urllib3, 'requests.packages')
69 del _attach_namespace
70 # Python 3 needs this imported explicitly.
/usr/lib/python2.7/dist-packages/requests/__init__.py in
_attach_namespace(package, where)
61 package.__name__
+ '.'):
62 try:
---> 63 module = __import__(name)
64 except ImportError:
65 continue
/usr/lib/python2.7/dist-packages/urllib3/contrib/pyopenssl.py in <module>()
71 _openssl_versions = {
72 ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
---> 73 ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
74 ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
75 }
AttributeError: 'module' object has no attribute 'PROTOCOL_SSLv3'
diff -Nru requests-2.4.3/debian/changelog requests-2.4.3/debian/changelog
--- requests-2.4.3/debian/changelog 2014-11-14 09:33:09.000000000 +0100
+++ requests-2.4.3/debian/changelog 2014-11-19 11:49:45.000000000 +0100
@@ -1,3 +1,9 @@
+requests (2.4.3-4ubuntu1) vivid; urgency=medium
+
+ * Don't rely on ssl.PROTOCOL_SSLv3 being defined.
+
+ -- Matthias Klose <d...@ubuntu.com> Wed, 19 Nov 2014 12:49:16 +0200
+
requests (2.4.3-4) unstable; urgency=medium
* debian/patches/04_make-requests.packages.urllib3-same-as-urllib3.patch
diff -Nru requests-2.4.3/debian/patches/no-sslv3.diff
requests-2.4.3/debian/patches/no-sslv3.diff
--- requests-2.4.3/debian/patches/no-sslv3.diff 1970-01-01 01:00:00.000000000
+0100
+++ requests-2.4.3/debian/patches/no-sslv3.diff 2014-11-19 11:49:11.000000000
+0100
@@ -0,0 +1,24 @@
+Index: b/requests/packages/urllib3/contrib/pyopenssl.py
+===================================================================
+--- a/requests/packages/urllib3/contrib/pyopenssl.py
++++ b/requests/packages/urllib3/contrib/pyopenssl.py
+@@ -68,11 +68,17 @@ __all__ = ['inject_into_urllib3', 'extra
+ HAS_SNI = SUBJ_ALT_NAME_SUPPORT
+
+ # Map from urllib3 to PyOpenSSL compatible parameter-values.
+-_openssl_versions = {
++try:
++ _openssl_versions = {
+ ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
+ ssl.PROTOCOL_SSLv3: OpenSSL.SSL.SSLv3_METHOD,
+ ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
+-}
++ }
++except AttributeError:
++ _openssl_versions = {
++ ssl.PROTOCOL_SSLv23: OpenSSL.SSL.SSLv23_METHOD,
++ ssl.PROTOCOL_TLSv1: OpenSSL.SSL.TLSv1_METHOD,
++ }
+ _openssl_verify = {
+ ssl.CERT_NONE: OpenSSL.SSL.VERIFY_NONE,
+ ssl.CERT_OPTIONAL: OpenSSL.SSL.VERIFY_PEER,
diff -Nru requests-2.4.3/debian/patches/series
requests-2.4.3/debian/patches/series
--- requests-2.4.3/debian/patches/series 2014-11-11 17:28:54.000000000
+0100
+++ requests-2.4.3/debian/patches/series 2014-11-19 11:41:40.000000000
+0100
@@ -2,3 +2,4 @@
02_use-system-chardet-and-urllib3.patch
03_export-IncompleteRead.patch
04_make-requests.packages.urllib3-same-as-urllib3.patch
+no-sslv3.diff
