- Add CVE-2024-37891.patch (bsc#1226469, bsc#1229654)
- Remove strict OpenSSL 1.1.1 version checking
- Update to 2.0.7 (bsc#1216377, CVE-2023-45803):
  * Made body stripped from HTTP requests changing the request method
    to GET after HTTP 303 "See Other" redirect responses.
- Update Buildrequires to upstream list.
- Update to 2.0.6 (bsc#1215968, CVE-2023-43804):
  * Added the Cookie header to the list of headers to strip from
    requests when redirecting to a different host. As before, different
    headers can be set via Retry.remove_headers_on_redirect
- Update to 2.0.5:
  * Allowed pyOpenSSL third-party module without any deprecation
    warning. #3126
  * Fixed default blocksize of HTTPConnection classes to match
    high-level classes. Previously was 8KiB, now 16KiB. #3066
- Update to 2.0.4:
  * Added support for union operators to ``HTTPHeaderDict``
  * Added ``BaseHTTPResponse`` to ``urllib3.__all__`` (`#3078
  * Fixed ``urllib3.connection.HTTPConnection`` to raise the
    ``http.client.connect`` audit event to have the same behavior
    as the standard library HTTP client
  * Relied on the standard library for checking hostnames in
    supported PyPy releases
- Disable test_deprecated_no_scheme so it needs network connection to
  run correctly.
- Update to 2.0.3:
  * Allowed alternative SSL libraries such as LibreSSL, while
    still issuing a warning as we cannot help users facing issues
    with implementations other than OpenSSL.
  * Deprecated URLs which don't have an explicit scheme

• Files Changed
• Browse Source