diff options
author | wiz <wiz@pkgsrc.org> | 2015-03-16 13:58:37 +0000 |
---|---|---|
committer | wiz <wiz@pkgsrc.org> | 2015-03-16 13:58:37 +0000 |
commit | d9203e8358cc3b9527c730ed60786fd5be0b945f (patch) | |
tree | 4619d9ca2dc968a5ef2f913f0e095c39a688e67c /devel | |
parent | 94a4a0709b8b198527655b16937a78365f4a5017 (diff) | |
download | pkgsrc-d9203e8358cc3b9527c730ed60786fd5be0b945f.tar.gz |
Update to 2.6.0 for a security issue.
2.6.0 (2015-03-14)
++++++++++++++++++
**Bugfixes**
- Fix handling of cookies on redirect. Previously a cookie without a host
value set would use the hostname for the redirected URL exposing requests
users to session fixation attacks and potentially cookie stealing. This was
disclosed privately by Matthew Daley of `BugFuzz <https://bugfuzz.com>`_.
An CVE identifier has not yet been assigned for this. This affects all
versions of requests from v2.1.0 to v2.5.3 (inclusive on both ends).
- Fix error when requests is an ``install_requires`` dependency and ``python
setup.py test`` is run. (#2462)
- Fix error when urllib3 is unbundled and requests continues to use the
vendored import location.
- Include fixes to ``urllib3``'s header handling.
- Requests' handling of unvendored dependencies is now more restrictive.
**Features and Improvements**
- Support bytearrays when passed as parameters in the ``files`` argument.
(#2468)
- Avoid data duplication when creating a request with ``str``, ``bytes``, or
``bytearray`` input to the ``files`` argument.
Diffstat (limited to 'devel')
-rw-r--r-- | devel/py-requests/Makefile | 5 | ||||
-rw-r--r-- | devel/py-requests/distinfo | 8 |
2 files changed, 6 insertions, 7 deletions
diff --git a/devel/py-requests/Makefile b/devel/py-requests/Makefile index e98022f5c62..c4abf8a0619 100644 --- a/devel/py-requests/Makefile +++ b/devel/py-requests/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.14 2015/03/15 21:32:27 wiz Exp $ +# $NetBSD: Makefile,v 1.15 2015/03/16 13:58:37 wiz Exp $ -DISTNAME= requests-2.5.3 +DISTNAME= requests-2.6.0 PKGNAME= ${PYPKGPREFIX}-${DISTNAME} -PKGREVISION= 1 CATEGORIES= devel www MASTER_SITES= https://pypi.python.org/packages/source/r/requests/ diff --git a/devel/py-requests/distinfo b/devel/py-requests/distinfo index 92e56b61061..5f38f89b13c 100644 --- a/devel/py-requests/distinfo +++ b/devel/py-requests/distinfo @@ -1,5 +1,5 @@ -$NetBSD: distinfo,v 1.8 2015/03/09 16:57:04 imil Exp $ +$NetBSD: distinfo,v 1.9 2015/03/16 13:58:37 wiz Exp $ -SHA1 (requests-2.5.3.tar.gz) = 9577e27937ff53f1d417d84da75cda17184e1bd0 -RMD160 (requests-2.5.3.tar.gz) = a1217508f5d9f51a851d41686aced41645e0b702 -Size (requests-2.5.3.tar.gz) = 448318 bytes +SHA1 (requests-2.6.0.tar.gz) = ad7327c73e8be8c188ad489d511097202b1fef12 +RMD160 (requests-2.6.0.tar.gz) = c48db06c7ec348f55e9238b8f37019d8f2345c56 +Size (requests-2.6.0.tar.gz) = 450389 bytes |