CVS commit: pkgsrc/devel/py-requests

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/devel/py-requests
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Mon, 16 Mar 2015 13:58:37 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Mon Mar 16 13:58:37 UTC 2015

Modified Files:
        pkgsrc/devel/py-requests: Makefile distinfo

Log Message:
Update to 2.6.0 for a security issue.

2.6.0 (2015-03-14)
++++++++++++++++++

**Bugfixes**

- Fix handling of cookies on redirect. Previously a cookie without a host
  value set would use the hostname for the redirected URL exposing requests
  users to session fixation attacks and potentially cookie stealing. This was
  disclosed privately by Matthew Daley of `BugFuzz <https://bugfuzz.com>`_.
  An CVE identifier has not yet been assigned for this. This affects all
  versions of requests from v2.1.0 to v2.5.3 (inclusive on both ends).

- Fix error when requests is an ``install_requires`` dependency and ``python
  setup.py test`` is run. (#2462)

- Fix error when urllib3 is unbundled and requests continues to use the
  vendored import location.

- Include fixes to ``urllib3``'s header handling.

- Requests' handling of unvendored dependencies is now more restrictive.

**Features and Improvements**

- Support bytearrays when passed as parameters in the ``files`` argument.
  (#2468)

- Avoid data duplication when creating a request with ``str``, ``bytes``, or
  ``bytearray`` input to the ``files`` argument.


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/py-requests/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/devel/py-requests/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/lang
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/lang
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index