SUSE-SU-2020:1792-1

Details

This update for python3-requests provides the following fix:

python-requests was updated to 2.20.1.

Update to version 2.20.1:

Fixed bug with unintended Authorization header stripping for redirects using default ports (http/80, https/443).

Update to version 2.20.0:

Bugfixes
- Content-Type header parsing is now case-insensitive (e.g. charset=utf8 v Charset=utf8).
- Fixed exception leak where certain redirect urls would raise uncaught urllib3 exceptions.
- Requests removes Authorization header from requests redirected from https to http on the same hostname. (CVE-2018-18074)
- should_bypass_proxies now handles URIs without hostnames (e.g. files).

Update to version 2.19.1:

Fixed issue where status_codes.py’s init function failed trying to append to a doc value of None.

Update to version 2.19.0:

Improvements
- Warn about possible slowdown with cryptography version < 1.3.4
- Check host in proxy URL, before forwarding request to adapter.
- Maintain fragments properly across redirects. (RFC7231 7.1.2)
- Removed use of cgi module to expedite library load time.
- Added support for SHA-256 and SHA-512 digest auth algorithms.
- Minor performance improvement to Request.content.
Bugfixes
- Parsing empty Link headers with parse_header_links() no longer return one bogus entry.
- Fixed issue where loading the default certificate bundle from a zip archive would raise an IOError.
- Fixed issue with unexpected ImportError on windows system which do not support winreg module.
- DNS resolution in proxy bypass no longer includes the username and password in the request. This also fixes the issue of DNS queries failing on macOS.
- Properly normalize adapter prefixes for url comparison.
- Passing None as a file pointer to the files param no longer raises an exception.
- Calling copy on a RequestsCookieJar will now preserve the cookie policy correctly.

Update to version 2.18.4:

Improvements
- Error messages for invalid headers now include the header name for easier debugging

Update to version 2.18.3:

Improvements
- Running $ python -m requests.help now includes the installed version of idna.
Bugfixes
- Fixed issue where Requests would raise ConnectionError instead of SSLError when encountering SSL problems when using urllib3 v1.22.

Add ca-certificates (and ca-certificates-mozilla) to dependencies, otherwise https connections will fail.

Affected Packages

python-certifi

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Module for Public Cloud 12SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSS

Fixed in:

2018.4.16-3.6.1

python-chardet

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Module for Public Cloud 12SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSS

Fixed in:

3.0.4-5.6.1

python-urllib3

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Module for Public Cloud 12SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSS

Fixed in:

1.22-3.20.1

python3-certifi

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Module for Public Cloud 12SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSS

Fixed in:

2018.4.16-3.6.1

python3-chardet

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Module for Public Cloud 12SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSS

Fixed in:

3.0.4-5.6.1

python3-requests

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSSSUSE Linux Enterprise Server 12 SP3-BCL

Fixed in:

2.20.1-5.2

python3-urllib3

SUSE Enterprise Storage 5SUSE HPE Helion OpenStack 8SUSE Linux Enterprise Module for Public Cloud 12SUSE Linux Enterprise Server 12 SP2-BCLSUSE Linux Enterprise Server 12 SP2-LTSS

Fixed in:

1.22-3.20.1

References

SUSE-SU-2020:1792-1

Details

Affected Packages

References

Upstream

Related

Ecosystems(20)

Timeline