net/py-urllib3: sync with upstream

Taken from: HardenedBSD

net/py-urllib3/Makefile

@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	urllib3
-PORTVERSION=	1.22
+PORTVERSION=	1.25.6
 PORTEPOCH=	1
 CATEGORIES=	net python
 MASTER_SITES=	CHEESESHOP
@@ -14,25 +14,30 @@ COMMENT=	HTTP library with thread-safe connection pooling, file post, and more
 LICENSE=	MIT
 LICENSE_FILE=	${WRKSRC}/LICENSE.txt
 
-RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}cryptography>=1.3.4:security/py-cryptography@${PY_FLAVOR} \
-		${PYTHON_PKGNAMEPREFIX}idna>=2.0:dns/py-idna@${PY_FLAVOR} \
-		${PY_IPADDRESS} \
-		${PYTHON_PKGNAMEPREFIX}openssl>=16.0:security/py-openssl@${PY_FLAVOR} \
-		${PYTHON_PKGNAMEPREFIX}pysocks>=1.5.7:net/py-pysocks@${PY_FLAVOR}
 TEST_DEPENDS=	${PYTHON_PKGNAMEPREFIX}mock>=0:devel/py-mock@${PY_FLAVOR} \
-		${PYTHON_PKGNAMEPREFIX}nose>=0:devel/py-nose@${PY_FLAVOR} \
-		${PYTHON_PKGNAMEPREFIX}pytest>=0:devel/py-pytest@${PY_FLAVOR}
-#TEST_DEPENDS+=	${PYTHON_PKGNAMEPREFIX}tornado>=0:www/py-tornado@${PY_FLAVOR}
+		${PYTHON_PKGNAMEPREFIX}pytest>=0:devel/py-pytest@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}tornado>=0:www/py-tornado@${PY_FLAVOR}
 
 USES=		python
 USE_PYTHON=	autoplist concurrent distutils
+
 NO_ARCH=	yes
 SUB_FILES=	pkg-message
 
-.include <bsd.port.pre.mk>
+OPTIONS_DEFINE=	BROTLI SOCKS SSL
+OPTIONS_DEFAULT=SOCKS SSL
 
-.if ${PYTHON_REL} < 3400
-RUN_DEPENDS+=	${PYTHON_PKGNAMEPREFIX}certifi>=0:security/py-certifi@${PY_FLAVOR}
-.endif
+BROTLI_RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}brotlipy>=0.6.0:archivers/py-brotlipy@${PY_FLAVOR}
+SOCKS_RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}pysocks>=1.5.6:net/py-pysocks@${PY_FLAVOR}
+SSL_RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}idna>=2.0:dns/py-idna@${PY_FLAVOR} \
+			${PYTHON_PKGNAMEPREFIX}certifi>=0:security/py-certifi@${PY_FLAVOR} \
+			${PYTHON_PKGNAMEPREFIX}cryptography>=1.3.4:security/py-cryptography@${PY_FLAVOR} \
+			${PYTHON_PKGNAMEPREFIX}openssl>=0.14:security/py-openssl@${PY_FLAVOR} \
+			${PY_IPADDRESS}
 
-.include <bsd.port.post.mk>
+# Test 'test_ssl_read_timeout' fails with FreeBSD >= 12.0. That was already the
+# case with earlier versions of net/py-urllib3.
+do-test:
+	@cd ${WRKSRC} && ${SETENV} LC_ALL=en_US.UTF-8 ${PYTHON_CMD} -m pytest -v -rs -k 'not test_ssl_read_timeout'
+
+.include <bsd.port.mk>

net/py-urllib3/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1500642203
-SHA256 (urllib3-1.22.tar.gz) = cc44da8e1145637334317feebd728bd869a35285b93cbb4cca2577da7e62db4f
-SIZE (urllib3-1.22.tar.gz) = 226083
+TIMESTAMP = 1574013088
+SHA256 (urllib3-1.25.6.tar.gz) = 9a107b99a5393caf59c7aa3c1249c16e6879447533d0887f4336dde834c7be86
+SIZE (urllib3-1.25.6.tar.gz) = 248292

net/py-urllib3/files/patch-setup.py

@@ -1,11 +0,0 @@
---- setup.py.orig	2016-09-06 14:39:59 UTC
-+++ setup.py
-@@ -61,7 +61,7 @@ setup(name='urllib3',
-               'certifi',
-           ],
-           'socks': [
--              'PySocks>=1.5.6,<2.0,!=1.5.7',
-+              'PySocks>=1.5.6',
-           ]
-       },
-       )

net/py-urllib3/files/pkg-message.in

@@ -1,7 +1,21 @@
 [
-{ type: install
+{ 
   message: <<EOM
-Be careful, support of IPv6 is broken with PySocks 1.5.7.
+Since version 1.25 HTTPS connections are now verified by default which is done
+via "cert_reqs = 'CERT_REQUIRED'".  While certificate verification can be
+disabled via "cert_reqs = 'CERT_NONE'", it's highly recommended to leave it on.
+
+Various consumers of net/py-urllib3 already have implemented routines that
+either explicitly enable or disable HTTPS certificate verification (e.g. via
+configuration settings, CLI arguments, etc.).
+
+Yet it may happen that there are still some consumers which don't explicitly
+enable/disable certificate verification for HTTPS connections which could then
+lead to errors (as is often the case with self-signed certificates).
+
+In case of an error one should try first to temporarily disable certificate
+verification of the problematic urllib3 consumer to see if that approach will
+remedy the issue.
 EOM
 }
 ]