Bug 1230678 - bzr: use match_hostname() from python-backports-ssl_match_hostname
Summary: bzr: use match_hostname() from python-backports-ssl_match_hostname
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: bzr
Version: 23
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Petr Stodulka
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-06-11 10:45 UTC by Tomas Hoger
Modified: 2015-08-15 02:23 UTC (History)
5 users (show)

Fixed In Version: bzr-2.6.0-7.fc21
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-08-15 02:23:11 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)
use match_hostname function from system ssl module or system backports.ssl_match_hostname module (4.86 KB, patch)
2015-07-02 18:32 UTC, Carl George
no flags Details | Diff
use match_hostname function from system ssl module or system backports.ssl_match_hostname module (5.22 KB, patch)
2015-07-21 13:26 UTC, Petr Stodulka
no flags Details | Diff
use match_hostname function from system ssl module or system backports.ssl_match_hostname module - v3 (5.34 KB, patch)
2015-07-21 16:45 UTC, Petr Stodulka
no flags Details | Diff

Description Tomas Hoger 2015-06-11 10:45:40 UTC
Description of problem:

bzr contains a copy of match_hostname implementation from Python 3 (in bzrlib/transport/http/_urllib2_wrappers.py).  For Python 2, the function is available via python-backports-ssl_match_hostname.  bzr should depend on that to avoid needing to have fixes for the embedded copy backported.  There were / are few cases when the code needed backport of a security fix - bug 963260, bug 1224999.

Version-Release number of selected component (if applicable):

bzr-2.6.0-8.fc23

Comment 1 Carl George 2015-07-02 18:26:10 UTC
Eventually python-backports-ssl_match_hostname is going to be removed.  The code from this backport has been fully merged into the standard library in Python 2.7.9.

> The entirety of Python 3.4's ssl module has been backported for Python 2.7.9. See PEP 466 for justification.

* https://www.python.org/downloads/release/python-279/
* https://www.python.org/dev/peps/pep-0466/

See also #1229409.

Looking at the source for 2.6.0, patching this should be easy.

Comment 2 Carl George 2015-07-02 18:32:02 UTC
Created attachment 1045609 [details]
use match_hostname function from system ssl module or system backports.ssl_match_hostname module

Comment 3 Jan Kurik 2015-07-15 14:01:22 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 23 development cycle.
Changing version to '23'.

(As we did not run this process for some time, it could affect also pre-Fedora 23 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 23 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora23

Comment 4 Petr Stodulka 2015-07-21 13:26:14 UTC
Created attachment 1054367 [details]
use match_hostname function from system ssl module or system backports.ssl_match_hostname module

fixed test script

Comment 5 Petr Stodulka 2015-07-21 16:45:29 UTC
Created attachment 1054462 [details]
use match_hostname function from system ssl module or system backports.ssl_match_hostname module - v3

one another wrong import for older python

Comment 6 Fedora Update System 2015-07-21 17:24:05 UTC
bzr-2.6.0-8.fc22 has been submitted as an update for Fedora 22.
https://admin.fedoraproject.org/updates/bzr-2.6.0-8.fc22

Comment 7 Fedora Update System 2015-07-21 17:26:23 UTC
bzr-2.6.0-7.fc21 has been submitted as an update for Fedora 21.
https://admin.fedoraproject.org/updates/bzr-2.6.0-7.fc21

Comment 8 Fedora Update System 2015-07-29 01:47:39 UTC
Package bzr-2.6.0-7.fc21:
* should fix your issue,
* was pushed to the Fedora 21 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing bzr-2.6.0-7.fc21'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-11995/bzr-2.6.0-7.fc21
then log in and leave karma (feedback).

Comment 9 Fedora Update System 2015-08-15 02:23:11 UTC
bzr-2.6.0-8.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2015-08-15 02:23:42 UTC
bzr-2.6.0-7.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.