Debian Patches
Status for python-urllib3/2.3.0-3
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| test_http2_probe_blocked_per_thread-requires_network.patch | Mark test_http2_probe_blocked_per_thread with requires_network It fails if it can't connect to `TARPIT_HOST`. |
Colin Watson <cjwatson@debian.org> | no | 2024-11-12 | ||
| openssl-3.4.0.patch | SingleTLSLayerTestCase: Catch BrokenPipeError OpenSSL 3.4.0 returns `ERR_LIB_SYS` in some more situations than it used to. In the case exercised by `SingleTLSLayerTestCase.test_close_after_handshake`, https://github.com/python/cpython/pull/127361 (also backported to the 3.12 and 3.13 branches) turns this into `BrokenPipeError`. It seems reasonable to treat this in the same way as `ConnectionAbortedError` and `ConnectionResetError`. |
Colin Watson <cjwatson@debian.org> | yes | 2025-01-17 | ||
| httpx-0.28.patch | Ensure compatibility with httpx>=0.28 Version 0.28 of httpx removed support for supplying a path (of string type) to verify, only a bool or an SSL context is now supported. Running the test suite with httpx 0.28 will break the dummy server and a such number of tests in test/with_dummyserver/. To resolve this, create an SSL context in the ProxyApp init function and supply that to AsyncClient, instead of a raw string. This change is backwards compatible, i.e. the test suite will still succeed against the currently pinned version of httpx, 0.25.2. |
Carl Smedstad <carl.smedstad@protonmail.com> | no | debian | https://github.com/urllib3/urllib3/pull/3545 | 2025-03-12 |
| CVE-2025-50181.patch | Merge commit from fork * Apply Quentin's suggestion * Add tests for disabled redirects in the pool manager * Add a possible fix for the issue with not raised `MaxRetryError` * Make urllib3 handle redirects instead of JS when JSPI is used * Fix info in the new comment * State that redirects with XHR are not controlled by urllib3 * Remove excessive params from new test requests * Add tests reaching max non-0 redirects * Test redirects with Emscripten * Fix `test_merge_pool_kwargs` * Add a changelog entry * Parametrize tests * Drop a fix for Emscripten * Apply Seth's suggestion to docs * Use a minor release instead of the patch one |
Illia Volochii <illia.volochii@gmail.com> | no | 2025-06-18 | ||
| CVE-2025-50182.patch | Merge commit from fork | Illia Volochii <illia.volochii@gmail.com> | no | debian | upstream, https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f | 2025-07-13 |
All known versions for source package 'python-urllib3'
- 2.5.0-1 (forky, sid)
- 2.3.0-3 (trixie)
- 1.26.12-1+deb12u1 (bookworm)