From b548abc9812a628d3290d0cab83e44f3c31ac6fe Mon Sep 17 00:00:00 2001
From: Thea Flowers <theaflowers@google.com>
Date: Tue, 16 Oct 2018 10:56:05 -0700
Subject: [PATCH 1/5] Update changelog for 1.24 release

---
 CHANGES.rst | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 0b912d0b37..4d70f4da99 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -4,6 +4,20 @@ Changes
 dev (master)
 ------------
 
+* ... [Short description of non-trivial change.] (Issue #)
+
+
+1.24 (2018-10-16)
+-----------------
+
+* Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449)
+
+* Test against Python 3.7 on AppVeyor. (Pull #1453)
+
+* Early-out ipv6 checks when running on App Engine. (Pull #1450)
+
+* Change ambiguous description of backoff_factor (Pull #1436)
+
 * Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442)
 
 * Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405).
@@ -16,10 +30,10 @@ dev (master)
 * Fixed bug where responses with header Content-Type: message/* erroneously
   raised HeaderParsingError, resulting in a warning being logged. (Pull #1439)
 
-* ... [Short description of non-trivial change.] (Issue #)
+* Move urllib3 to src/urllib3 (Pull #1409)
 
 
-1.23 (2018-06-05)
+1.23 (2018-06-04)
 -----------------
 
 * Allow providing a list of headers to strip from requests when redirecting

From cd7cfa613b2678e700597d098ce9bbdc934863e6 Mon Sep 17 00:00:00 2001
From: toby cabot <toby@caboteria.org>
Date: Wed, 17 Oct 2018 08:35:59 -0400
Subject: [PATCH 2/5] Resolve pytest pluggy version conflict (#1457)

---
 dev-requirements.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/dev-requirements.txt b/dev-requirements.txt
index abbe781a09..df3ed61097 100644
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@@ -7,7 +7,8 @@ tornado==5.0.2
 PySocks==1.6.8
 pkginfo==1.4.2
 pytest-timeout==1.3.1
-pytest==3.6.4
+pytest==3.8.2
 # https://github.com/GoogleCloudPlatform/python-repo-tools/issues/23
 pylint<2.0;python_version<="2.7"
 gcp-devrel-py-tools==0.0.15
+pluggy==0.8.0

From f8d1c787d9b02a70d66ddbde9c99061d9073d54a Mon Sep 17 00:00:00 2001
From: "Seth M. Larson" <sethmichaellarson@gmail.com>
Date: Thu, 25 Oct 2018 12:30:16 -0500
Subject: [PATCH 3/5] Uninstall oclint to ensure gcc can be brew upgraded
 (#1464)

---
 _travis/install.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/_travis/install.sh b/_travis/install.sh
index 76bd226b19..85881a0f6f 100755
--- a/_travis/install.sh
+++ b/_travis/install.sh
@@ -7,6 +7,9 @@ if [[ "$(uname -s)" == 'Darwin' ]]; then
     sw_vers
     brew update || brew update
 
+    # https://github.com/travis-ci/travis-ci/issues/8826
+    brew cask uninstall oclint
+
     brew outdated openssl || brew upgrade openssl
     brew install openssl@1.1
 

From 0aeba3be0224a930f6ffef254ed12b41303a86d7 Mon Sep 17 00:00:00 2001
From: "Seth M. Larson" <sethmichaellarson@gmail.com>
Date: Thu, 1 Nov 2018 10:47:15 -0500
Subject: [PATCH 4/5] Use bytearray to accumulate bytes from gzip (#1468)

---
 CHANGES.rst             | 2 ++
 src/urllib3/response.py | 8 ++++----
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 4d70f4da99..f6dc184bb8 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -4,6 +4,8 @@ Changes
 dev (master)
 ------------
 
+* Remove quadratic behavior within ``GzipDecoder.decompress()`` (Issue #1467)
+
 * ... [Short description of non-trivial change.] (Issue #)
 
 
diff --git a/src/urllib3/response.py b/src/urllib3/response.py
index f0cfbb5499..c112690b0a 100644
--- a/src/urllib3/response.py
+++ b/src/urllib3/response.py
@@ -69,9 +69,9 @@ def __getattr__(self, name):
         return getattr(self._obj, name)
 
     def decompress(self, data):
-        ret = b''
+        ret = bytearray()
         if self._state == GzipDecoderState.SWALLOW_DATA or not data:
-            return ret
+            return bytes(ret)
         while True:
             try:
                 ret += self._obj.decompress(data)
@@ -81,11 +81,11 @@ def decompress(self, data):
                 self._state = GzipDecoderState.SWALLOW_DATA
                 if previous_state == GzipDecoderState.OTHER_MEMBERS:
                     # Allow trailing garbage acceptable in other gzip clients
-                    return ret
+                    return bytes(ret)
                 raise
             data = self._obj.unused_data
             if not data:
-                return ret
+                return bytes(ret)
             self._state = GzipDecoderState.OTHER_MEMBERS
             self._obj = zlib.decompressobj(16 + zlib.MAX_WBITS)
 

From 0cedb3b0f1e5d79c89c6db767c534b064b794cf2 Mon Sep 17 00:00:00 2001
From: "Seth M. Larson" <sethmichaellarson@gmail.com>
Date: Thu, 1 Nov 2018 12:24:58 -0500
Subject: [PATCH 5/5] Restore context.set_ciphers() to create_urllib3_context()
 (#1463)

---
 CHANGES.rst              |  2 ++
 src/urllib3/util/ssl_.py |  2 ++
 test/test_ssl.py         | 18 ++++++++++++++++++
 3 files changed, 22 insertions(+)

diff --git a/CHANGES.rst b/CHANGES.rst
index f6dc184bb8..186099d3b4 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -6,6 +6,8 @@ dev (master)
 
 * Remove quadratic behavior within ``GzipDecoder.decompress()`` (Issue #1467)
 
+* Restored functionality of `ciphers` parameter for `create_urllib3_context()`. (Issue #1462)
+
 * ... [Short description of non-trivial change.] (Issue #)
 
 
diff --git a/src/urllib3/util/ssl_.py b/src/urllib3/util/ssl_.py
index 24ee26d632..64ea192a85 100644
--- a/src/urllib3/util/ssl_.py
+++ b/src/urllib3/util/ssl_.py
@@ -263,6 +263,8 @@ def create_urllib3_context(ssl_version=None, cert_reqs=None,
     """
     context = SSLContext(ssl_version or ssl.PROTOCOL_SSLv23)
 
+    context.set_ciphers(ciphers or DEFAULT_CIPHERS)
+
     # Setting the default here, as we may have no ssl module on import
     cert_reqs = ssl.CERT_REQUIRED if cert_reqs is None else cert_reqs
 
diff --git a/test/test_ssl.py b/test/test_ssl.py
index 76a502591e..47359717d2 100644
--- a/test/test_ssl.py
+++ b/test/test_ssl.py
@@ -70,3 +70,21 @@ def test_sni_missing_warning_with_ip_addresses(monkeypatch, has_sni, server_host
         assert SNIMissingWarning in warnings
     else:
         assert warn.call_count == 0
+
+
+@pytest.mark.parametrize(
+    ["ciphers", "expected_ciphers"],
+    [(None, ssl_.DEFAULT_CIPHERS),
+     ("ECDH+AESGCM:ECDH+CHACHA20", "ECDH+AESGCM:ECDH+CHACHA20")]
+)
+def test_create_urllib3_context_set_ciphers(monkeypatch, ciphers, expected_ciphers):
+
+    context = mock.create_autospec(ssl_.SSLContext)
+    context.set_ciphers = mock.Mock()
+    context.options = 0
+    monkeypatch.setattr(ssl_, "SSLContext", lambda *_, **__: context)
+
+    assert ssl_.create_urllib3_context(ciphers=ciphers) is context
+
+    assert context.set_ciphers.call_count == 1
+    assert context.set_ciphers.call_args == mock.call(expected_ciphers)