Mon Mar 16 13:58:37 2015 UTC ()
Update to 2.6.0 for a security issue.

2.6.0 (2015-03-14)
++++++++++++++++++

**Bugfixes**

- Fix handling of cookies on redirect. Previously a cookie without a host
  value set would use the hostname for the redirected URL exposing requests
  users to session fixation attacks and potentially cookie stealing. This was
  disclosed privately by Matthew Daley of `BugFuzz <https://bugfuzz.com>`_.
  An CVE identifier has not yet been assigned for this. This affects all
  versions of requests from v2.1.0 to v2.5.3 (inclusive on both ends).

- Fix error when requests is an ``install_requires`` dependency and ``python
  setup.py test`` is run. (#2462)

- Fix error when urllib3 is unbundled and requests continues to use the
  vendored import location.

- Include fixes to ``urllib3``'s header handling.

- Requests' handling of unvendored dependencies is now more restrictive.

**Features and Improvements**

- Support bytearrays when passed as parameters in the ``files`` argument.
  (#2468)

- Avoid data duplication when creating a request with ``str``, ``bytes``, or
  ``bytearray`` input to the ``files`` argument.


(wiz)
diff -r1.14 -r1.15 pkgsrc/devel/py-requests/Makefile
diff -r1.8 -r1.9 pkgsrc/devel/py-requests/distinfo
cvs diff -r1.14 -r1.15 pkgsrc/devel/py-requests/Makefile (expand / switch to unified diff)

--- pkgsrc/devel/py-requests/Makefile 2015/03/15 21:32:27 1.14
+++ pkgsrc/devel/py-requests/Makefile 2015/03/16 13:58:37 1.15
@@ -1,18 +1,17 @@ @@ -1,18 +1,17 @@
1# $NetBSD: Makefile,v 1.14 2015/03/15 21:32:27 wiz Exp $ 1# $NetBSD: Makefile,v 1.15 2015/03/16 13:58:37 wiz Exp $
2 2
3DISTNAME= requests-2.5.3 3DISTNAME= requests-2.6.0
4PKGNAME= ${PYPKGPREFIX}-${DISTNAME} 4PKGNAME= ${PYPKGPREFIX}-${DISTNAME}
5PKGREVISION= 1 
6CATEGORIES= devel www 5CATEGORIES= devel www
7MASTER_SITES= https://pypi.python.org/packages/source/r/requests/ 6MASTER_SITES= https://pypi.python.org/packages/source/r/requests/
8 7
9MAINTAINER= imil@NetBSD.org 8MAINTAINER= imil@NetBSD.org
10HOMEPAGE= http://docs.python-requests.org/en/latest/ 9HOMEPAGE= http://docs.python-requests.org/en/latest/
11COMMENT= HTTP library, written in Python, for human beings 10COMMENT= HTTP library, written in Python, for human beings
12LICENSE= apache-2.0 11LICENSE= apache-2.0
13 12
14USE_LANGUAGES= c 13USE_LANGUAGES= c
15REPLACE_PYTHON= requests/certs.py requests/packages/chardet/chardetect.py 14REPLACE_PYTHON= requests/certs.py requests/packages/chardet/chardetect.py
16 15
17.include "../../lang/python/application.mk" 16.include "../../lang/python/application.mk"
18.include "../../lang/python/egg.mk" 17.include "../../lang/python/egg.mk"
cvs diff -r1.8 -r1.9 pkgsrc/devel/py-requests/distinfo (expand / switch to unified diff)

--- pkgsrc/devel/py-requests/distinfo 2015/03/09 16:57:04 1.8
+++ pkgsrc/devel/py-requests/distinfo 2015/03/16 13:58:37 1.9
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
1$NetBSD: distinfo,v 1.8 2015/03/09 16:57:04 imil Exp $ 1$NetBSD: distinfo,v 1.9 2015/03/16 13:58:37 wiz Exp $
2 2
3SHA1 (requests-2.5.3.tar.gz) = 9577e27937ff53f1d417d84da75cda17184e1bd0 3SHA1 (requests-2.6.0.tar.gz) = ad7327c73e8be8c188ad489d511097202b1fef12
4RMD160 (requests-2.5.3.tar.gz) = a1217508f5d9f51a851d41686aced41645e0b702 4RMD160 (requests-2.6.0.tar.gz) = c48db06c7ec348f55e9238b8f37019d8f2345c56
5Size (requests-2.5.3.tar.gz) = 448318 bytes 5Size (requests-2.6.0.tar.gz) = 450389 bytes