Your message dated Mon, 11 Nov 2024 00:19:36 +0000
with message-id <[email protected]>
and subject line Bug#1086794: fixed in python-urllib3 2.2.3-1
has caused the Debian Bug report #1086794,
regarding python-urllib3: Need patched hypercorn to run tests for 2.2.x
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1086794: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086794
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-urllib3
Version: 2.0.7-2
Severity: normal
X-Debbugs-Cc: Daniele Tricoli <[email protected]>
I've been working on packaging urllib3 2.2.x, since that seems to be
needed for Python 3.13 support and to fix a CVE (it might be possible to
backport, but ideally I'd prefer us up to date with upstream). I
noticed that we needed to package quart-trio, so I've done that. Now I
have a new problem.
https://github.com/urllib3/urllib3/issues/3334 describes this quite well
from the Fedora point of view: urllib3's test suite needs a patched
hypercorn, and upstream seems to think this is worth it.
Judging by comments in that bug and by
https://src.fedoraproject.org/rpms/python-urllib3/blob/rawhide/f/python-urllib3.spec,
Fedora has taken the approach of bundling a patched hypercorn and using
it during tests. While this is far from ideal, it seems viable to me
given that it's a test-only dependency. So I'm thinking we could do the
same for Debian: either we could just drop the whole thing under
debian/vendor/ or so, or we could package it as a separate .orig
component tarball; since we'd have to make our own tarball for the
latter approach, the former is probably simpler.
Does this sound reasonable? I'm happy (ish) to do the legwork here.
Thanks,
--
Colin Watson (he/him) [[email protected]]
--- End Message ---
--- Begin Message ---
Source: python-urllib3
Source-Version: 2.2.3-1
Done: Colin Watson <[email protected]>
We believe that the bug you reported is fixed in the latest version of
python-urllib3, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <[email protected]> (supplier of updated python-urllib3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 10 Nov 2024 23:57:18 +0000
Source: python-urllib3
Architecture: source
Version: 2.2.3-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Colin Watson <[email protected]>
Closes: 1074149 1082278 1086794
Changes:
python-urllib3 (2.2.3-1) experimental; urgency=medium
.
* Team upload.
* New upstream release:
- CVE-2024-37891: Added the Proxy-Authorization header to the list of
headers to strip from requests when redirecting to a different host
(closes: #1074149).
- Added support for Python 3.13 (closes: #1082278).
* Temporarily vendor hypercorn, since urllib3 needs a patched version for
its tests (commit d1719f8c1570cbd8e6a3719ffdb14a4d72880abb; see
https://github.com/urllib3/urllib3/issues/3334; closes: #1086794).
Checksums-Sha1:
b9ce0262580d5d747a19ea27ca0c0f186ca24faf 2869 python-urllib3_2.2.3-1.dsc
983588ea431951dd1e8ab1e6667c57b65f9d2892 300677
python-urllib3_2.2.3.orig.tar.gz
3270c098e9e23398e2c69721e6030b6123e8a23a 36988
python-urllib3_2.2.3-1.debian.tar.xz
Checksums-Sha256:
eddbb7e011ceece3a08d1cd83c6b733e06d6dae70ddff6ad8805d59ab799b4cc 2869
python-urllib3_2.2.3-1.dsc
e7d814a81dad81e6caf2ec9fdedb284ecc9c73076b62654547cc64ccdcae26e9 300677
python-urllib3_2.2.3.orig.tar.gz
1a326962490ddc52ce2f7e60efe97e44014192270814fb552ba4017de4fbcdff 36988
python-urllib3_2.2.3-1.debian.tar.xz
Files:
fa5850b36c21c0d06cdcaa797c5a2a20 2869 python optional
python-urllib3_2.2.3-1.dsc
d65de4f0effae2b52669246f0aab0a91 300677 python optional
python-urllib3_2.2.3.orig.tar.gz
eadc616453578ae1d14a4341a0d2d7ac 36988 python optional
python-urllib3_2.2.3-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmcxSMcACgkQOTWH2X2G
UAt02w//aomzt/1NevImQTjcYUAI4JSVJwF5Da4pcQp0z9rUI58FNexakQ67BCpi
uTiDSCN9rqu6+g0GvZj2G+8A3KCjcJ+3Kr5Tu6ARTfBlT/suk7C8qC48RZI64Gzp
9fuRNmQEY38zZfPQ53Fp4dLVocmY53s4AW66vluUt66qc92bjysgl4W6Ol6fqcdx
qrzM3yY5G/sskO4NWvENiIgQcBfOxVV6fcS8qy6qjf/Ph19UOwb5w5flGttfF+Gb
KMk6BOyY8Dan0PG+F/KmYywO71FBeI2BwP9+Gn16KV5vlC9Ci5+RWlhg3hMU6Wiv
eWBSBYjZED8ON8oIGxI9KYL0e90f9To4Jp1MxDE+d9K4wgEk3SfsNBMAQe8aqGa3
3WYpprZ2FNTl9turrO2mFoqH2TvGzZyxTPuAMo2t5aH8gKg7KJAouscVIYTkR5rx
u1EkO2VxfR+fKrROj+tHv95ld2M5ndNhpjIcxOckBvICJEyYBlmSQJ7sWl6JnNo7
N8Cb+JQh78rrrOB7F/XEAZI6ZV4GKBFiZojiV6Zc/h4d2hElC2LqDOJQx4WBAbGd
gG0PV7II1oUbFoGJWqMXlpTWRVWBhObO4WWjDeAmf6TxoGV3d3JQ7kP2gtnJgDhj
UgPKk31Qog3GqqqV30nlOGdKgA92tj2ql8jL3blzRSbksTlFFdQ=
=yimk
-----END PGP SIGNATURE-----
pgpOvaYFt8pms.pgp
Description: PGP signature
--- End Message ---
