963311 – python-requests: Use / depend on system version of python-backports-ssl_match_hostname package to use ssl.match_hostname() routine instead of embedding it directly again

Bug 963311 - python-requests: Use / depend on system version of python-backports-ssl_match_hostname package to use ssl.match_hostname() routine instead of embedding it directly again

Summary: python-requests: Use / depend on system version of python-backports-ssl_match...

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	python-requests
Sub Component:
Version:	17
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Arun S A G
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:	963306
Blocks:	963313 963315
TreeView+	depends on / blocked

Reported:	2013-05-15 15:51 UTC by Jan Lieskovsky
Modified:	2013-05-17 14:56 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:	963306
Clones:	963313 (view as bug list)
Environment:
Last Closed:	2013-05-17 14:56:32 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Jan Lieskovsky 2013-05-15 15:51:31 UTC

+++ This bug was initially created as a clone of Bug #963306 +++

Description of problem:
python-requests package (due to need / requirement of Python3's ssl.match_hostname() routine) embeds the code of the python-backports-ssl_match_hostname package.

Version-Release number of selected component (if applicable):
python-requests-1.1.0-3.fc18

How reproducible:
Always

Steps to Reproduce:
1. diff -s /root/rpmbuild/BUILD/python3-python-requests-1.1.0-3.fc17/requests/packages/urllib3/packages/ssl_match_hostname/__init__.py /root/rpmbuild/BUILD/backports.ssl_match_hostname-3.2a3/src/backports/ssl_match_hostname/__init__.py 
Files /root/rpmbuild/BUILD/python3-python-requests-1.1.0-3.fc17/requests/packages/urllib3/packages/ssl_match_hostname/__init__.py and /root/rpmbuild/BUILD/backports.ssl_match_hostname-3.2a3/src/backports/ssl_match_hostname/__init__.py are identical
  
Actual results:
ssl_match_hostname code from python-backports-ssl_match_hostname is embedded in python-requests code.

Expected results:
python-requests package should use / require system python-backports-ssl_match_hostname version, instead of directly embedding that code by itself again.

Additional info:
Since in the case a security flaw in the embedded code is found:
  https://bugzilla.redhat.com/show_bug.cgi?id=963260

the fact of embedding means a requirement to issue a python-requests package update too.

Note You need to log in before you can comment on or make changes to this bug.