Security fix for CVE-2015-2296 python-requests: session fixation and cookie stealing vulnerability

ok shadchin@ (MAINTAINER)

www/py-requests/Makefile

@@ -1,9 +1,10 @@
-# $OpenBSD: Makefile,v 1.9 2015/01/25 15:54:07 shadchin Exp $
+# $OpenBSD: Makefile,v 1.10 2015/03/23 15:26:19 jasper Exp $
 
 COMMENT=	elegant and simple HTTP library for Python
 
 MODPY_EGG_VERSION=2.5.1
 DISTNAME=	requests-${MODPY_EGG_VERSION}
+REVISION=	0
 PKGNAME=	py-requests-${MODPY_EGG_VERSION}
 
 CATEGORIES=	www

www/py-requests/patches/patch-requests_sessions_py

@@ -0,0 +1,16 @@
+$OpenBSD: patch-requests_sessions_py,v 1.1 2015/03/23 15:26:19 jasper Exp $
+
+Security fix for CVE-2015-2296 python-requests: session fixation and cookie stealing vulnerability
+http://www.openwall.com/lists/oss-security/2015/03/14/4
+
+--- requests/sessions.py.orig	Mon Mar 23 15:41:06 2015
++++ requests/sessions.py	Mon Mar 23 15:41:42 2015
+@@ -171,7 +171,7 @@ class SessionRedirectMixin(object):
+             except KeyError:
+                 pass
+ 
+-            extract_cookies_to_jar(prepared_request._cookies, prepared_request, resp.raw)
++            extract_cookies_to_jar(prepared_request._cookies, req, resp.raw)
+             prepared_request._cookies.update(self.cookies)
+             prepared_request.prepare_cookies(prepared_request._cookies)
+