Bug 963306 - python-requests: Use / depend on system version of python-backports-ssl_match_hostname package to use ssl.match_hostname() routine instead of embedding it directly again
python-requests: Use / depend on system version of python-backports-ssl_match...
Product: Fedora
Classification: Fedora
Component: python-requests (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Arun S A G
Fedora Extras Quality Assurance
Depends On:
Blocks: 963311 963313 963315
  Show dependency treegraph
Reported: 2013-05-15 11:49 EDT by Jan Lieskovsky
Modified: 2013-05-17 10:56 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 963311 (view as bug list)
Last Closed: 2013-05-17 10:56:39 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2013-05-15 11:49:48 EDT
Description of problem:
python-requests package (due to need / requirement of Python3's ssl.match_hostname() routine) embeds the code of the python-backports-ssl_match_hostname package.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. diff -s /root/rpmbuild/BUILD/python3-python-requests-1.1.0-3.fc17/requests/packages/urllib3/packages/ssl_match_hostname/__init__.py /root/rpmbuild/BUILD/backports.ssl_match_hostname-3.2a3/src/backports/ssl_match_hostname/__init__.py 
Files /root/rpmbuild/BUILD/python3-python-requests-1.1.0-3.fc17/requests/packages/urllib3/packages/ssl_match_hostname/__init__.py and /root/rpmbuild/BUILD/backports.ssl_match_hostname-3.2a3/src/backports/ssl_match_hostname/__init__.py are identical
Actual results:
ssl_match_hostname code from python-backports-ssl_match_hostname is embedded in python-requests code.

Expected results:
python-requests package should use / require system python-backports-ssl_match_hostname version, instead of directly embedding that code by itself again.

Additional info:
Since in the case a security flaw in the embedded code is found:

the fact of embedding means a requirement to issue a python-requests package update too.

Note You need to log in before you can comment on or make changes to this bug.