Author: Daniele Tricoli
Revision Date: 2015-06-11 01:39:13 UTC

[ Barry Warsaw ]
* debian/patches:
  - 02_use-system-chardet-and-urllib3.patch and
    04_make-requests.packages.urllib3-same-as-urllib3.patch: Removed in
    favor of upstream's pull request #2567
  - 05_upstream_devendorize.patch: Upstream's pull request to better
    support the devendorizing of urllib3 and chardet.
    (Closes: #771349, #788383)

[ Daniele Tricoli ]
* debian/python{,3}-requests.pyremove
  - Remove embedded copy of chardet and urllib3. Previously it was done by
    02_use-system-chardet-and-urllib3.patch.

Author: Daniele Tricoli
Revision Date: 2015-06-11 01:39:13 UTC

[ Barry Warsaw ]
* debian/patches:
  - 02_use-system-chardet-and-urllib3.patch and
    04_make-requests.packages.urllib3-same-as-urllib3.patch: Removed in
    favor of upstream's pull request #2567
  - 05_upstream_devendorize.patch: Upstream's pull request to better
    support the devendorizing of urllib3 and chardet.
    (Closes: #771349, #788383)

[ Daniele Tricoli ]
* debian/python{,3}-requests.pyremove
  - Remove embedded copy of chardet and urllib3. Previously it was done by
    02_use-system-chardet-and-urllib3.patch.

Author: Daniele Tricoli
Revision Date: 2015-05-04 21:43:40 UTC

* New upstream release. (Closes: #784095)
  - Embedded copy (not used) of urllib3 does not require SSLv3 anymore.
    (Closes: #770172)
* debian/control
  - Move python-ndg-httpsclient, python-openssl and python-pyasn1 to Suggests
    inside python-requests' stanza since Python 2.7.9 include SNI support
    and PEP 476 made it as secure as Python 3.
  - Bump python{,3}-urllib3 to 1.10.4.
* debian/copyright
  - Update copyright years.
  - Update to MPL-2.0 license stanza of requests/cacert.pem (not used but
    shipped in orig tarball).
* debian/watch
  - Use pypi.debian.net redirector.
* debian/patches/01_use-system-ca-certificates.patch
  - Refresh and remove CA certificate bundle from MANIFEST.in.
   (Closes: #781610)
* debian/patches/02_use-system-chardet-and-urllib3.patch
  - Refresh.
* debian/patches/04_make-requests.packages.urllib3-same-as-urllib3.patch
  - Refresh.
* debian/patches/05_do-not-ascribe-cookies-to-the-target-domain.patch
  - Remove since fixed upstream.
* debian/python{,3}-requests.links
  - Remove links thanks to the import machinery in
    04_make-requests.packages.urllib3-same-as-urllib3.patch

Author: Daniele Tricoli
Revision Date: 2015-03-16 01:31:10 UTC

* debian/patches/05_do-not-ascribe-cookies-to-the-target-domain.patch
  - Fix session fixation and cookie stealing: CVE-2015-2296.
    (Closes: #780506)

Author: Sebastien Delafond
Revision Date: 2015-01-25 17:43:05 UTC

* Non-maintainer upload by the security team
* Fix CVE-2014-1829 and CVE-2014-1830 by extracting the relevant changes
  from version 2.3.0