Bug#770099: unblock: python-urllib3/1.9.1-3
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
This is a pre-emptive request to unblock some bug fixes for package python-urllib3.
unblock python-urllib3/1.9.1-3
urllib3 currently contains a patch,
05_do-not-use-embedded-ssl-match-hostname.patch, to use new SSL
features in the Debian python2.7 >= 2.7.8-7 stdlib rather than a bundled
backport library. This works (albeit, currently with an insufficiently
tight dependency on python2.7).
However, it breaks the use of virtualenv with pypy (#763389), and any
current release of cPython 2.7, without commit 221a1f9155e2 (which isn't
yet part of a stable release) (#755106). These are both filed with
severity important.
My approach to solving the problem is to use the bundled backport
library, when necessary, rather than masking it entirely.
Another (slightly cleaner) option would be to make urllib3 fall-back to
python-backports.ssl-match-hostname. This would require adding a
python-backports.ssl-match-hostname-whl binary package, for virtualenv
to include in virtualenvs. But this would obviously be more invasive.
diff -Nru python-urllib3-1.9.1/debian/changelog python-urllib3-1.9.1/debian/changelog
--- python-urllib3-1.9.1/debian/changelog 2014-10-21 01:20:13.000000000 -0700
+++ python-urllib3-1.9.1/debian/changelog 2014-11-18 13:24:22.000000000 -0800
@@ -1,3 +1,12 @@
+python-urllib3 (1.9.1-3) UNRELEASED; urgency=medium
+
+ * Team upload.
+ * Replace 05_do-not-use-embedded-ssl-match-hostname.patch with
+ 05_avoid-embedded-ssl-match-hostname.patch. Users may use virtualenv with
+ cPython << 2.7.9 (or Debian python2.7 2.7.8-7). (Closes: 755106, 763389)
+
+ -- Stefano Rivera <stefanor@debian.org> Tue, 18 Nov 2014 12:45:49 -0800
+
python-urllib3 (1.9.1-2) unstable; urgency=medium
* debian/control
diff -Nru python-urllib3-1.9.1/debian/patches/05_avoid-embedded-ssl-match-hostname.patch python-urllib3-1.9.1/debian/patches/05_avoid-embedded-ssl-match-hostname.patch
--- python-urllib3-1.9.1/debian/patches/05_avoid-embedded-ssl-match-hostname.patch 1969-12-31 16:00:00.000000000 -0800
+++ python-urllib3-1.9.1/debian/patches/05_avoid-embedded-ssl-match-hostname.patch 2014-11-18 13:25:41.000000000 -0800
@@ -0,0 +1,22 @@
+Description: Do not use embedded copy of ssl.match_hostname, when possible
+ The system python has the necessary features backported, since 2.7.8-7 (and
+ 221a1f9155e2, releasing in 2.7.9, upstream). However, alternative python
+ implementations don't, yet, and urllib3 is used by pip in virtualenvs.
+Author: Stefano Rivera <stefanor@debian.org>
+Forwarded: not-needed
+Last-Update: 2014-11-18
+
+--- a/urllib3/packages/__init__.py
++++ b/urllib3/packages/__init__.py
+@@ -1,4 +1,9 @@
+ from __future__ import absolute_import
+
+-from . import ssl_match_hostname
+-
++try:
++ # cPython >= 2.7.9 has ssl features backported from Python3
++ from ssl import CertificateError
++ del CertificateError
++ import ssl as ssl_match_hostname
++except ImportError:
++ from . import ssl_match_hostname
diff -Nru python-urllib3-1.9.1/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch python-urllib3-1.9.1/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch
--- python-urllib3-1.9.1/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch 2014-09-23 11:28:38.000000000 -0700
+++ python-urllib3-1.9.1/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch 1969-12-31 16:00:00.000000000 -0800
@@ -1,56 +0,0 @@
-Description: Do not use embedded copy of ssl.match_hostname.
-Author: Daniele Tricoli <eriol@mornie.org>
-Forwarded: not-needed
-Last-Update: 2014-09-23
-
---- a/test/test_connectionpool.py
-+++ b/test/test_connectionpool.py
-@@ -6,7 +6,7 @@
- HTTPConnectionPool,
- )
- from urllib3.util.timeout import Timeout
--from urllib3.packages.ssl_match_hostname import CertificateError
-+from ssl import CertificateError
- from urllib3.exceptions import (
- ClosedPoolError,
- EmptyPoolError,
---- a/urllib3/connection.py
-+++ b/urllib3/connection.py
-@@ -39,7 +39,7 @@
- ConnectTimeoutError,
- SystemTimeWarning,
- )
--from .packages.ssl_match_hostname import match_hostname
-+from ssl import match_hostname
-
- from .util.ssl_ import (
- resolve_cert_reqs,
---- a/urllib3/connectionpool.py
-+++ b/urllib3/connectionpool.py
-@@ -26,7 +26,7 @@
- TimeoutError,
- InsecureRequestWarning,
- )
--from .packages.ssl_match_hostname import CertificateError
-+from ssl import CertificateError
- import six
- from .connection import (
- port_by_scheme,
---- a/urllib3/packages/__init__.py
-+++ b/urllib3/packages/__init__.py
-@@ -1,4 +1,3 @@
- from __future__ import absolute_import
-
--from . import ssl_match_hostname
-
---- a/setup.py
-+++ b/setup.py
-@@ -42,7 +42,7 @@
- url='http://urllib3.readthedocs.org/',
- license='MIT',
- packages=['urllib3',
-- 'urllib3.packages', 'urllib3.packages.ssl_match_hostname',
-+ 'urllib3.packages',
- 'urllib3.contrib', 'urllib3.util',
- ],
- requires=[],
diff -Nru python-urllib3-1.9.1/debian/patches/series python-urllib3-1.9.1/debian/patches/series
--- python-urllib3-1.9.1/debian/patches/series 2014-09-23 11:28:38.000000000 -0700
+++ python-urllib3-1.9.1/debian/patches/series 2014-11-18 12:59:18.000000000 -0800
@@ -2,4 +2,4 @@
02_require-cert-verification.patch
03_force_setuptools.patch
04_relax_nosetests_options.patch
-05_do-not-use-embedded-ssl-match-hostname.patch
+05_avoid-embedded-ssl-match-hostname.patch
SR
Reply to: