path: root/UPDATING
author Kai Knoblich <kai@FreeBSD.org> 2019-11-26 18:37:58 +0000
committer Kai Knoblich <kai@FreeBSD.org> 2019-11-26 18:37:58 +0000
commit cd672417a043a2500385dd4ba8557aba03c8eb0b (patch)
tree 205174eafc30fa895eae6bfc8fc23f42d99911c4 /UPDATING
parent 40c1fed29c19c3975c9243aca7d9edf1a5c1c28e (diff)
net/py-urllib3: Update to 1.25.6

* Convert the RUN_DEPENDS into separate OPTIONS as they are listed as extra
  dependencies in setup.py. Also set those as default that contain the
  previous RUN_DEPENDS to allow a clean transition.
* Remove the Python-specific version limitation for security/py-certifi
  because it's required for all Python versions.
* Also remove the info about the broken IPv6 support of net/py-socks (was
  broken in 1.5.7) and the relevant patch as both are obsolete.
* Update the TEST_DEPENDS and add a "do-test" target to make future QA
  easier.

Please note that an MFH won't be done as it didn't get an approval because
there are too many changes to make it work in the 2019Q4 branch. [1]

Notable changes since 1.22:
* Require and validate certificates by default when using HTTPS.
* Add mitigation for BPO-37428 affecting Python < 3.7.4 and OpenSSL 1.1.1+
  which caused certificate verification to be enabled when using
  "cert_reqs=CERT_NONE".
* Add TLSv1.3 support to CPython, pyOpenSSL and SecureTransport
  "SSLContext" implementations.

https://github.com/urllib3/urllib3/blob/1.25.6/CHANGES.rst

Exp-run by: antoine
PR: 229322 [1]
Reported by: Patrice Clement <monsieurp@gentoo.org>
Security: 87270ba5-03d3-11ea-b81f-3085a9a95629
Notes: svn path=/head/; revision=518476
Diffstat (limited to 'UPDATING')
-rw-r--r-- UPDATING 22
1 files changed, 22 insertions, 0 deletions
diff --git a/UPDATING b/UPDATING
index a06b927b1bfe..483d9e7d1ef2 100644
--- a/UPDATING
+++ b/UPDATING
@@ -5,6 +5,28 @@ they are unavoidable.
You should get into the habit of checking this file for changes each time
you update your ports collection, before attempting any port upgrades.
+20191126:
+ AFFECTS: consumers of net/py-urllib3
+ AUTHOR: kai@FreeBSD.org
+
+ Since version 1.25 HTTPS connections are now verified by default which is
+ done via "cert_reqs = 'CERT_REQUIRED'". While certificate verification
+ can be disabled via "cert_reqs = 'CERT_NONE'", it's highly recommended to
+ leave it on.
+
+ Various consumers of net/py-urllib3 already have implemented routines that
+ either explicitly enable or disable HTTPS certificate verification (e.g.
+ via configuration settings, CLI arguments, etc.).
+
+ Yet it may happen that there are still some consumers which don't
+ explicitly enable/disable certificate verification for HTTPS connections
+ which could then lead to errors (as is often the case with self-signed
+ certificates).
+
+ In case of an error one should try first to temporarily disable
+ certificate verification of the problematic urllib3 consumer to see if
+ this approach will remedy the issue.
+
20191125:
AFFECTS: users of emulators/qemu
AUTHOR: bofh@FreeBSD.org
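Review bot: the last paragraph of the 20191126 entry ("In case of an error one should try first to temporarily disable certificate verification ...") offers disabling verification as the first step but never says to turn it back on or what the lasting fix is. The entry itself names self-signed certificates as the usual cause and states it is "highly recommended to leave it on", so I would add a closing sentence: once the failure is confirmed to be verification-related, make the self-signed or internal CA certificate trusted by the consumer (for example through urllib3's "ca_certs" setting, where the consumer exposes it) and re-enable verification. It would also help to say that "temporarily" means for diagnosis only, since a consumer left at "cert_reqs = 'CERT_NONE'" accepts any certificate. Minor wording: in "Since version 1.25 HTTPS connections are now verified by default", "now" is redundant after "Since".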