Recommended update for python-requests

Announcement ID: SUSE-RU-2017:1820-1
Rating: low
References:
Affected Products:
  • Advanced Systems Management Module 12
  • Public Cloud Module 12
  • SUSE Linux Enterprise Desktop 12
  • SUSE Linux Enterprise Desktop 12 SP1
  • SUSE Linux Enterprise Desktop 12 SP2
  • SUSE Linux Enterprise Desktop 12 SP3
  • SUSE Linux Enterprise Desktop 12 SP4
  • SUSE Linux Enterprise High Availability Extension 12 SP2
  • SUSE Linux Enterprise High Performance Computing 12 SP2
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise High Performance Computing 12 SP4
  • SUSE Linux Enterprise High Performance Computing 12 SP5
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Server 12 SP1
  • SUSE Linux Enterprise Server 12 SP2
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server 12 SP4
  • SUSE Linux Enterprise Server 12 SP5
  • SUSE Linux Enterprise Server for SAP Applications 12
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP4
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5
  • SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
  • SUSE Manager Client Tools for SLE 12

An update that has one fix can now be installed.

Description:

This update provides python-requests 2.11.1, which brings many fixes and enhancements:

  • Strip Content-Type and Transfer-Encoding headers from the header block when following a redirect that transforms the verb from POST/PUT to GET.
  • Added support for the ALL_PROXY environment variable.
  • Reject header values that contain leading whitespace or newline characters to reduce risk of header smuggling.
  • Fixed occasional TypeError when attempting to decode a JSON response that occurred in an error case. Now correctly returns a ValueError.
  • Requests would incorrectly ignore a non-CIDR IP address in the NO_PROXY environment variables: Requests now treats it as a specific IP.
  • Fixed a bug when sending JSON data that could cause us to encounter obscure OpenSSL errors in certain network conditions.
  • Added type checks to ensure that iter_content only accepts integers and None for chunk sizes.
  • Fixed issue where responses whose body had not been fully consumed would have the underlying connection closed but not returned to the connection pool, which could cause Requests to hang in situations where the HTTPAdapter had been configured to use a blocking connection pool.
  • Change built-in CaseInsensitiveDict to use OrderedDict as its underlying datastore.
  • Don't use redirect_cache if allow_redirects=False.
  • When passed objects that throw exceptions from tell(), send them via chunked transfer encoding instead of failing.
  • Raise a ProxyError for proxy related connection issues.
  • The verify keyword argument now supports being passed a path to a directory of CA certificates, not just a single-file bundle.
  • Warnings are now emitted when sending files opened in text mode.
  • Added the 511 Network Authentication Required status code to the status code registry.
  • For file-like objects that are not seeked to the very beginning, we now send the content length for the number of bytes we will actually read, rather than the total size of the file, allowing partial file uploads.
  • When uploading file-like objects, if they are empty or have no obvious content length we set Transfer-Encoding: chunked rather than Content-Length: 0.
  • We correctly receive the response in buffered mode when uploading chunked bodies.
  • We now handle being passed a query string as a bytestring on Python 3, by decoding it as UTF-8.
  • Sessions are now closed in all cases (exceptional and not) when using the functional API rather than leaking and waiting for the garbage collector to clean them up.
  • Correctly handle digest auth headers with a malformed qop directive that contains no token, by treating it the same as if no qop directive was provided at all.
  • Minor performance improvements when removing specific cookies by name.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Desktop 12 SP2
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1126=1
  • SUSE Linux Enterprise High Availability Extension 12 SP2
    zypper in -t patch SUSE-SLE-HA-12-SP2-2017-1126=1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2
    zypper in -t patch SUSE-SLE-HA-12-SP2-2017-1126=1 SUSE-SLE-SERVER-12-SP2-2017-1126=1
  • SUSE Manager Client Tools for SLE 12
    zypper in -t patch SUSE-SLE-Manager-Tools-12-2017-1126=1
  • Advanced Systems Management Module 12
    zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2017-1126=1
  • Public Cloud Module 12
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1126=1
  • SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
    zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1126=1
  • SUSE Linux Enterprise High Performance Computing 12 SP2
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1126=1
  • SUSE Linux Enterprise Server 12 SP2
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1126=1

Package List:

  • SUSE Linux Enterprise Desktop 12 SP2 (noarch)
    • python-requests-2.11.1-6.20.1
  • SUSE Linux Enterprise High Availability Extension 12 SP2 (noarch)
    • python-requests-2.11.1-6.20.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2 (noarch)
    • python-requests-2.11.1-6.20.1
  • SUSE Manager Client Tools for SLE 12 (noarch)
    • python-requests-2.11.1-6.20.1
  • Advanced Systems Management Module 12 (noarch)
    • python-requests-2.11.1-6.20.1
  • Public Cloud Module 12 (noarch)
    • python-requests-2.11.1-6.20.1
  • SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 (noarch)
    • python-requests-2.11.1-6.20.1
  • SUSE Linux Enterprise High Performance Computing 12 SP2 (noarch)
    • python-requests-2.11.1-6.20.1
  • SUSE Linux Enterprise Server 12 SP2 (noarch)
    • python-requests-2.11.1-6.20.1

References: