Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-requests for openSUSE:Factory
checked in at 2025-07-15 16:43:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-requests (Old)
and /work/SRC/openSUSE:Factory/.python-requests.new.7373 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-requests"
Tue Jul 15 16:43:06 2025 rev:88 rq:1293092 version:2.32.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-requests/python-requests.changes
2025-06-11 16:21:11.823133876 +0200
+++
/work/SRC/openSUSE:Factory/.python-requests.new.7373/python-requests.changes
2025-07-15 16:43:44.959633500 +0200
@@ -1,0 +2,7 @@
+Mon Jul 14 09:20:12 UTC 2025 - Daniel Garcia <daniel.gar...@suse.com>
+
+- Add revert-caching-default-sslcontext.patch upstream patch to avoid
+ problems with certificate caching in sslcontext.
+ bsc#1246104, gh#psf/requests#6767
+
+-------------------------------------------------------------------
New:
----
revert-caching-default-sslcontext.patch
----------(New B)----------
New:
- Add revert-caching-default-sslcontext.patch upstream patch to avoid
problems with certificate caching in sslcontext.
----------(New E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-requests.spec ++++++
--- /var/tmp/diff_new_pack.9o35gU/_old 2025-07-15 16:43:46.671697171 +0200
+++ /var/tmp/diff_new_pack.9o35gU/_new 2025-07-15 16:43:46.679697468 +0200
@@ -34,6 +34,8 @@
Source:
https://files.pythonhosted.org/packages/source/r/requests/requests-%{version}.tar.gz
# PATCH-FIX-UPSTREAM gh#psf/requests#6731
Patch0: inject-default-ca-bundles.patch
+# PATCH-FIX-UPSTREAM revert-caching-default-sslcontext.patch
gh#psf/requests#6767
+Patch1: revert-caching-default-sslcontext.patch
BuildRequires: %{python_module base >= 3.7}
BuildRequires: %{python_module pip}
BuildRequires: %{python_module setuptools}
++++++ revert-caching-default-sslcontext.patch ++++++
>From d520f46f94d0e637d440c6c0d55aa49240e2d46a Mon Sep 17 00:00:00 2001
From: Nate Prewitt <nate.prew...@gmail.com>
Date: Thu, 18 Jul 2024 09:51:10 -0700
Subject: [PATCH] Revert caching a default SSLContext
---
src/requests/adapters.py | 55 ++++++++++++----------------------------
1 file changed, 16 insertions(+), 39 deletions(-)
Index: requests-2.32.4/src/requests/adapters.py
===================================================================
--- requests-2.32.4.orig/src/requests/adapters.py
+++ requests-2.32.4/src/requests/adapters.py
@@ -27,7 +27,6 @@ from urllib3.poolmanager import PoolMana
from urllib3.util import Timeout as TimeoutSauce
from urllib3.util import parse_url
from urllib3.util.retry import Retry
-from urllib3.util.ssl_ import create_urllib3_context
from .auth import _basic_auth_str
from .compat import basestring, urlparse
@@ -74,36 +73,6 @@ DEFAULT_RETRIES = 0
DEFAULT_POOL_TIMEOUT = None
-try:
- import ssl # noqa: F401
-
- _preloaded_ssl_context = create_urllib3_context()
- _preloaded_ssl_context.load_verify_locations(
- extract_zipped_paths(DEFAULT_CA_BUNDLE_PATH)
- )
-except ImportError:
- # Bypass default SSLContext creation when Python
- # interpreter isn't built with the ssl module.
- _preloaded_ssl_context = None
-
-
-def _should_use_default_context(
- verify: "bool | str | None",
- client_cert: "typing.Tuple[str, str] | str | None",
- poolmanager_kwargs: typing.Dict[str, typing.Any],
-) -> bool:
- # Determine if we have and should use our default SSLContext
- # to optimize performance on standard requests.
- has_poolmanager_ssl_context = poolmanager_kwargs.get("ssl_context")
- should_use_default_ssl_context = (
- verify is True
- and _preloaded_ssl_context is not None
- and not has_poolmanager_ssl_context
- and client_cert is None
- )
- return should_use_default_ssl_context
-
-
def _urllib3_request_context(
request: "PreparedRequest",
verify: "bool | str | None",
@@ -121,8 +90,6 @@ def _urllib3_request_context(
cert_loc = None
if verify is False:
cert_reqs = "CERT_NONE"
- elif _should_use_default_context(verify, client_cert, poolmanager_kwargs):
- pool_kwargs["ssl_context"] = _preloaded_ssl_context
elif verify is True:
# Set default ca cert location if none provided
cert_loc = extract_zipped_paths(DEFAULT_CA_BUNDLE_PATH)
@@ -332,24 +299,27 @@ class HTTPAdapter(BaseAdapter):
:param cert: The SSL certificate to verify.
"""
if url.lower().startswith("https") and verify:
- conn.cert_reqs = "CERT_REQUIRED"
+ cert_loc = None
- # Only load the CA certificates if `verify` is a
- # string indicating the CA bundle to use.
+ # Allow self-specified cert location.
if verify is not True:
- # `verify` must be a str with a path then
cert_loc = verify
- if not os.path.exists(cert_loc):
- raise OSError(
- f"Could not find a suitable TLS CA certificate bundle,
"
- f"invalid path: {cert_loc}"
- )
-
- if not os.path.isdir(cert_loc):
- conn.ca_certs = cert_loc
- else:
- conn.ca_cert_dir = cert_loc
+ if not cert_loc:
+ cert_loc = extract_zipped_paths(DEFAULT_CA_BUNDLE_PATH)
+
+ if not cert_loc or not os.path.exists(cert_loc):
+ raise OSError(
+ f"Could not find a suitable TLS CA certificate bundle, "
+ f"invalid path: {cert_loc}"
+ )
+
+ conn.cert_reqs = "CERT_REQUIRED"
+
+ if not os.path.isdir(cert_loc):
+ conn.ca_certs = cert_loc
+ else:
+ conn.ca_cert_dir = cert_loc
else:
conn.cert_reqs = "CERT_NONE"
conn.ca_certs = None
