lp:ubuntu/trusty-security/requests

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

17. By Dan Watkins on 2015-03-16

* SECURITY UPDATE: Session fixation and cookie stealing issue
  (LP: #1432555).
  - debian/patches/CVE-2015-2296.patch: extract cookies from the original
    request (which still has the host which returned the cookies)
  - CVE-2015-2296

16. By Marc Deslauriers on 2014-09-30

* SECURITY UPDATE: Authorization header disclosure on redirect
  - debian/patches/CVE-2014-1829.patch: if redirected, strip
    authentication header in requests/sessions.py, add
    should_bypass_proxies() to requests/utils.py.
  - CVE-2014-1829
* SECURITY UPDATE: Proxy-Authorization header disclosure on redirect
  - debian/patches/CVE-2014-1830.patch: also strip proxy headers in
    requests/sessions.py, added test to test_requests.py.
  - CVE-2014-1830

15. By Daniele Tricoli on 2014-01-27

* New upstream release
* debian/control
  - Bumped Standards-Version to 3.9.5 (no changes needed)
* debian/copyright
  - Updated copyright years
* debian/patches/02_use-system-chardet-and-urllib3.patches
  - Refreshed

14. By Daniele Tricoli on 2013-10-18

* New upstream release (Closes: #725784)
* Switched to pybuild
* debian/clean
  - Switched to debian/clean for cleaning instead of using debian/rules
* debian/control
  - Bumped python(3)-urllib3 to (>=1.7.1)
* debian/copyright
  - Updated copyright year
* debian/patches/02_use-system-chardet-and-urllib3.patches
  - Refreshed
* debian/watch
  - Switched download URL to https

13. By Daniele Tricoli on 2013-06-21

* New upstream release (Closes: #712915) (LP: #1187429)
  - Thanks to Scott Moser for the report
* debian/compat
  - Bumped debhelper compatibility level to 9
* debian/control
  - Bumped debhelper B-D to (>= 9)
  - Temporarily bumped X-Python-Version to >= 2.7 to prevent FTBFS
    due to lack of python-urllib3 for Python 2.6
* debian/patches/02_use-system-chardet-and-urllib3.patches
  - Refreshed

12. By Thomas Goirand <email address hidden> on 2013-05-11

* Uploading to unstable.
* rm -rf requests.egg-info on clean so the package can be built twice.

11. By Daniele Tricoli on 2012-05-04

* New upstream release
* debian/control
  - Added python-oauthlib to python-requests' Recommends field
* debian/patches/01_do-not-use-python-certifi.patch
  - Refreshed

10. By Daniele Tricoli on 2012-04-23

* New upstream release
* debian/patches/01_do-not-use-python-certifi.patch
  - Refreshed

9. By Daniele Tricoli on 2012-04-01

* New upstream release
* debian/control
  - Added python3-chardet to python3-requests' Recommends field
  - Updated Description field
* debian/patches/02_do-not-use-embedded-python-six.patch
  - Refreshed

8. By Daniele Tricoli on 2012-03-19

[ Piotr Ożarowski ]
* Fix typo in python3-requests' ${python3:Depends}

[ Daniele Tricoli ]
* New upstream release (Closes: #663561)
* Removed embedded copy of python-six
  - Added debian/patches/02_do-not-use-embedded-python-six.patch
  - Added override_dh_auto_configure to debian/rules to remove
    the embedded copy
  - Added python(3)-six to Builds-Depends and Depends
* debian/control
  - Bumped Standards-Version to 3.9.3 (no changes needed)
* debian/copyright
  - Added forgotten stanzas about packages inside the fork
    of python-urllib3
* debian/patches/01_do-not-use-python-certifi.patch
  - Refreshed
* debian/patches/02_fix-python3-except-sintax-error.patch
  - Removed as it is applied upstream