Bug 963313 - python-requests: Use / depend on system version of python-backports-ssl_match_hostname package to use ssl.match_hostname() routine instead of embedding it directly again
python-requests: Use / depend on system version of python-backports-ssl_match...
Product: Fedora EPEL
Classification: Fedora
Component: python-requests (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Arun S A G
Fedora Extras Quality Assurance
Depends On: 963306 963311
Blocks: 963315
  Show dependency treegraph
Reported: 2013-05-15 11:53 EDT by Jan Lieskovsky
Modified: 2013-05-17 10:56 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 963311
: 963315 (view as bug list)
Last Closed: 2013-05-17 10:56:26 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2013-05-15 11:53:24 EDT
+++ This bug was initially created as a clone of Bug #963311 +++

+++ This bug was initially created as a clone of Bug #963306 +++

Description of problem:
python-requests package (due to need / requirement of Python3's ssl.match_hostname() routine) embeds the code of the python-backports-ssl_match_hostname package.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. diff -s /root/rpmbuild/BUILD/python3-python-requests-1.1.0-3.fc17/requests/packages/urllib3/packages/ssl_match_hostname/__init__.py /root/rpmbuild/BUILD/backports.ssl_match_hostname-3.2a3/src/backports/ssl_match_hostname/__init__.py 
Files /root/rpmbuild/BUILD/python3-python-requests-1.1.0-3.fc17/requests/packages/urllib3/packages/ssl_match_hostname/__init__.py and /root/rpmbuild/BUILD/backports.ssl_match_hostname-3.2a3/src/backports/ssl_match_hostname/__init__.py are identical
Actual results:
ssl_match_hostname code from python-backports-ssl_match_hostname is embedded in python-requests code.

Expected results:
python-requests package should use / require system python-backports-ssl_match_hostname version, instead of directly embedding that code by itself again.

Additional info:
Since in the case a security flaw in the embedded code is found:

the fact of embedding means a requirement to issue a python-requests package update too.

Note You need to log in before you can comment on or make changes to this bug.