From owner-svn-ports-all@freebsd.org Tue Nov 26 18:37:59 2019 Return-Path: Delivered-To: svn-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A7C8D1BE5D1; Tue, 26 Nov 2019 18:37:59 +0000 (UTC) (envelope-from kai@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 47Mt1z3zf8z47l7; Tue, 26 Nov 2019 18:37:59 +0000 (UTC) (envelope-from kai@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6BF7D12BC; Tue, 26 Nov 2019 18:37:59 +0000 (UTC) (envelope-from kai@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id xAQIbxDo090652; Tue, 26 Nov 2019 18:37:59 GMT (envelope-from kai@FreeBSD.org) Received: (from kai@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id xAQIbwGe090648; Tue, 26 Nov 2019 18:37:58 GMT (envelope-from kai@FreeBSD.org) Message-Id: <201911261837.xAQIbwGe090648@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kai set sender to kai@FreeBSD.org using -f From: Kai Knoblich Date: Tue, 26 Nov 2019 18:37:58 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r518476 - in head: . net/py-urllib3 net/py-urllib3/files X-SVN-Group: ports-head X-SVN-Commit-Author: kai X-SVN-Commit-Paths: in head: . net/py-urllib3 net/py-urllib3/files X-SVN-Commit-Revision: 518476 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Nov 2019 18:37:59 -0000 Author: kai Date: Tue Nov 26 18:37:58 2019 New Revision: 518476 URL: https://svnweb.freebsd.org/changeset/ports/518476 Log: net/py-urllib3: Update to 1.25.6 * Convert the RUN_DEPENDS into separate OPTIONS as they are listed as extra dependencies in setup.py. Also set those as default that contain the previous RUN_DEPENDS to allow a clean transition. * Remove the Python-specific version limitation for security/py-certifi because it's required for all Python versions. * Also remove the info about the broken IPv6 support of net/py-socks (was broken in 1.5.7) and the relevant patch as both are obsolete. * Update the TEST_DEPENDS and add a "do-test" target to make future QA easier. Please note that a MFH won't be done as it didn't get an approval because there are too much changes to make it work in the 2019Q4 branch. [1] Notable changes since 1.22: * Require and validate certificates by default when using HTTPS. * Add mitigation for BPO-37428 affecting Python < 3.7.4 and OpenSSL 1.1.1+ which caused certificate verification to be enabled when using "cert_reqs=CERT_NONE". * Add TLSv1.3 support to CPython, pyOpenSSL and SecureTransport "SSLContext" implementations. https://github.com/urllib3/urllib3/blob/1.25.6/CHANGES.rst Exp-run by: antoine PR: 229322 [1] Reported by: Patrice Clement Security: 87270ba5-03d3-11ea-b81f-3085a9a95629 Deleted: head/net/py-urllib3/files/patch-setup.py Modified: head/UPDATING head/net/py-urllib3/Makefile head/net/py-urllib3/distinfo head/net/py-urllib3/files/pkg-message.in Modified: head/UPDATING ============================================================================== --- head/UPDATING Tue Nov 26 17:45:35 2019 (r518475) +++ head/UPDATING Tue Nov 26 18:37:58 2019 (r518476) @@ -5,6 +5,28 @@ they are unavoidable. You should get into the habit of checking this file for changes each time you update your ports collection, before attempting any port upgrades. +20191126: + AFFECTS: consumers of net/py-urllib3 + AUTHOR: kai@FreeBSD.org + + Since version 1.25 HTTPS connections are now verified by default which is + done via "cert_reqs = 'CERT_REQUIRED'". While certificate verification + can be disabled via "cert_reqs = 'CERT_NONE'", it's highly recommended to + leave it on. + + Various consumers of net/py-urllib3 already have implemented routines that + either explicitly enable or disable HTTPS certificate verification (e.g. + via configuration settings, CLI arguments, etc.). + + Yet it may happen that there are still some consumers which don't + explicitly enable/disable certificate verification for HTTPS connections + which could then lead to errors (as is often the case with self-signed + certificates). + + In case of an error one should try first to temporarily disable + certificate verification of the problematic urllib3 consumer to see if + this approach will remedy the issue. + 20191125: AFFECTS: users of emulators/qemu AUTHOR: bofh@FreeBSD.org Modified: head/net/py-urllib3/Makefile ============================================================================== --- head/net/py-urllib3/Makefile Tue Nov 26 17:45:35 2019 (r518475) +++ head/net/py-urllib3/Makefile Tue Nov 26 18:37:58 2019 (r518476) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= urllib3 -PORTVERSION= 1.22 +PORTVERSION= 1.25.6 PORTEPOCH= 1 CATEGORIES= net python MASTER_SITES= CHEESESHOP @@ -14,25 +14,30 @@ COMMENT= HTTP library with thread-safe connection pool LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE.txt -RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cryptography>=1.3.4:security/py-cryptography@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}idna>=2.0:dns/py-idna@${PY_FLAVOR} \ - ${PY_IPADDRESS} \ - ${PYTHON_PKGNAMEPREFIX}openssl>=16.0:security/py-openssl@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}pysocks>=1.5.7:net/py-pysocks@${PY_FLAVOR} TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}mock>=0:devel/py-mock@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}nose>=0:devel/py-nose@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}pytest>=0:devel/py-pytest@${PY_FLAVOR} -#TEST_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}tornado>=0:www/py-tornado@${PY_FLAVOR} + ${PYTHON_PKGNAMEPREFIX}pytest>=0:devel/py-pytest@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}tornado>=0:www/py-tornado@${PY_FLAVOR} USES= python USE_PYTHON= autoplist concurrent distutils + NO_ARCH= yes SUB_FILES= pkg-message -.include +OPTIONS_DEFINE= BROTLI SOCKS SSL +OPTIONS_DEFAULT=SOCKS SSL -.if ${PYTHON_REL} < 3400 -RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}certifi>=0:security/py-certifi@${PY_FLAVOR} -.endif +BROTLI_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}brotlipy>=0.6.0:archivers/py-brotlipy@${PY_FLAVOR} +SOCKS_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pysocks>=1.5.6:net/py-pysocks@${PY_FLAVOR} +SSL_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}idna>=2.0:dns/py-idna@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}certifi>=0:security/py-certifi@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}cryptography>=1.3.4:security/py-cryptography@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}openssl>=0.14:security/py-openssl@${PY_FLAVOR} \ + ${PY_IPADDRESS} -.include +# Test 'test_ssl_read_timeout' fails with FreeBSD >= 12.0. That was already the +# case with earlier versions of net/py-urllib3. +do-test: + @cd ${WRKSRC} && ${SETENV} LC_ALL=en_US.UTF-8 ${PYTHON_CMD} -m pytest -v -rs -k 'not test_ssl_read_timeout' + +.include Modified: head/net/py-urllib3/distinfo ============================================================================== --- head/net/py-urllib3/distinfo Tue Nov 26 17:45:35 2019 (r518475) +++ head/net/py-urllib3/distinfo Tue Nov 26 18:37:58 2019 (r518476) @@ -1,3 +1,3 @@ -TIMESTAMP = 1500642203 -SHA256 (urllib3-1.22.tar.gz) = cc44da8e1145637334317feebd728bd869a35285b93cbb4cca2577da7e62db4f -SIZE (urllib3-1.22.tar.gz) = 226083 +TIMESTAMP = 1574013088 +SHA256 (urllib3-1.25.6.tar.gz) = 9a107b99a5393caf59c7aa3c1249c16e6879447533d0887f4336dde834c7be86 +SIZE (urllib3-1.25.6.tar.gz) = 248292 Modified: head/net/py-urllib3/files/pkg-message.in ============================================================================== --- head/net/py-urllib3/files/pkg-message.in Tue Nov 26 17:45:35 2019 (r518475) +++ head/net/py-urllib3/files/pkg-message.in Tue Nov 26 18:37:58 2019 (r518476) @@ -1,7 +1,21 @@ [ -{ type: install +{ message: <