Bug#770099: marked as done (unblock: python-urllib3/1.9.1-3)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Fri, 21 Nov 2014 13:26:41 +0000
with message-id <e933b00a6f18448a7efc1c82202b9bb5@hogwarts.powdarrmonkey.net>
and subject line Re: Bug#770099: unblock: python-urllib3/1.9.1-3
has caused the Debian Bug report #770099,
regarding unblock: python-urllib3/1.9.1-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
770099: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770099
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: python-urllib3/1.9.1-3
• From: Stefano Rivera <stefanor@debian.org>
• Date: Tue, 18 Nov 2014 13:35:07 -0800
• Message-id: <[🔎] 20141118213507.GA18658@purcell.lan>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

This is a pre-emptive request to unblock some bug fixes for package python-urllib3.

unblock python-urllib3/1.9.1-3

urllib3 currently contains a patch,
05_do-not-use-embedded-ssl-match-hostname.patch, to use new SSL
features in the Debian python2.7 >= 2.7.8-7 stdlib rather than a bundled
backport library. This works (albeit, currently with an insufficiently
tight dependency on python2.7).

However, it breaks the use of virtualenv with pypy (#763389), and any
current release of cPython 2.7, without commit 221a1f9155e2 (which isn't
yet part of a stable release) (#755106). These are both filed with
severity important.

My approach to solving the problem is to use the bundled backport
library, when necessary, rather than masking it entirely.

Another (slightly cleaner) option would be to make urllib3 fall-back to
python-backports.ssl-match-hostname. This would require adding a
python-backports.ssl-match-hostname-whl binary package, for virtualenv
to include in virtualenvs. But this would obviously be more invasive.


diff -Nru python-urllib3-1.9.1/debian/changelog python-urllib3-1.9.1/debian/changelog
--- python-urllib3-1.9.1/debian/changelog	2014-10-21 01:20:13.000000000 -0700
+++ python-urllib3-1.9.1/debian/changelog	2014-11-18 13:24:22.000000000 -0800
@@ -1,3 +1,12 @@
+python-urllib3 (1.9.1-3) UNRELEASED; urgency=medium
+
+  * Team upload.
+  * Replace 05_do-not-use-embedded-ssl-match-hostname.patch with
+    05_avoid-embedded-ssl-match-hostname.patch. Users may use virtualenv with
+    cPython << 2.7.9 (or Debian python2.7 2.7.8-7). (Closes: 755106, 763389)
+
+ -- Stefano Rivera <stefanor@debian.org>  Tue, 18 Nov 2014 12:45:49 -0800
+
 python-urllib3 (1.9.1-2) unstable; urgency=medium
 
   * debian/control
diff -Nru python-urllib3-1.9.1/debian/patches/05_avoid-embedded-ssl-match-hostname.patch python-urllib3-1.9.1/debian/patches/05_avoid-embedded-ssl-match-hostname.patch
--- python-urllib3-1.9.1/debian/patches/05_avoid-embedded-ssl-match-hostname.patch	1969-12-31 16:00:00.000000000 -0800
+++ python-urllib3-1.9.1/debian/patches/05_avoid-embedded-ssl-match-hostname.patch	2014-11-18 13:25:41.000000000 -0800
@@ -0,0 +1,22 @@
+Description: Do not use embedded copy of ssl.match_hostname, when possible
+ The system python has the necessary features backported, since 2.7.8-7 (and
+ 221a1f9155e2, releasing in 2.7.9, upstream). However, alternative python
+ implementations don't, yet, and urllib3 is used by pip in virtualenvs.
+Author: Stefano Rivera <stefanor@debian.org>
+Forwarded: not-needed
+Last-Update: 2014-11-18
+
+--- a/urllib3/packages/__init__.py
++++ b/urllib3/packages/__init__.py
+@@ -1,4 +1,9 @@
+ from __future__ import absolute_import
+ 
+-from . import ssl_match_hostname
+-
++try:
++    # cPython >= 2.7.9 has ssl features backported from Python3
++    from ssl import CertificateError
++    del CertificateError
++    import ssl as ssl_match_hostname
++except ImportError:
++    from . import ssl_match_hostname
diff -Nru python-urllib3-1.9.1/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch python-urllib3-1.9.1/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch
--- python-urllib3-1.9.1/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch	2014-09-23 11:28:38.000000000 -0700
+++ python-urllib3-1.9.1/debian/patches/05_do-not-use-embedded-ssl-match-hostname.patch	1969-12-31 16:00:00.000000000 -0800
@@ -1,56 +0,0 @@
-Description: Do not use embedded copy of ssl.match_hostname.
-Author: Daniele Tricoli <eriol@mornie.org>
-Forwarded: not-needed
-Last-Update: 2014-09-23
-
---- a/test/test_connectionpool.py
-+++ b/test/test_connectionpool.py
-@@ -6,7 +6,7 @@
-     HTTPConnectionPool,
- )
- from urllib3.util.timeout import Timeout
--from urllib3.packages.ssl_match_hostname import CertificateError
-+from ssl import CertificateError
- from urllib3.exceptions import (
-     ClosedPoolError,
-     EmptyPoolError,
---- a/urllib3/connection.py
-+++ b/urllib3/connection.py
-@@ -39,7 +39,7 @@
-     ConnectTimeoutError,
-     SystemTimeWarning,
- )
--from .packages.ssl_match_hostname import match_hostname
-+from ssl import match_hostname
- 
- from .util.ssl_ import (
-     resolve_cert_reqs,
---- a/urllib3/connectionpool.py
-+++ b/urllib3/connectionpool.py
-@@ -26,7 +26,7 @@
-     TimeoutError,
-     InsecureRequestWarning,
- )
--from .packages.ssl_match_hostname import CertificateError
-+from ssl import CertificateError
- import six
- from .connection import (
-     port_by_scheme,
---- a/urllib3/packages/__init__.py
-+++ b/urllib3/packages/__init__.py
-@@ -1,4 +1,3 @@
- from __future__ import absolute_import
- 
--from . import ssl_match_hostname
- 
---- a/setup.py
-+++ b/setup.py
-@@ -42,7 +42,7 @@
-       url='http://urllib3.readthedocs.org/',
-       license='MIT',
-       packages=['urllib3',
--                'urllib3.packages', 'urllib3.packages.ssl_match_hostname',
-+                'urllib3.packages',
-                 'urllib3.contrib', 'urllib3.util',
-                 ],
-       requires=[],
diff -Nru python-urllib3-1.9.1/debian/patches/series python-urllib3-1.9.1/debian/patches/series
--- python-urllib3-1.9.1/debian/patches/series	2014-09-23 11:28:38.000000000 -0700
+++ python-urllib3-1.9.1/debian/patches/series	2014-11-18 12:59:18.000000000 -0800
@@ -2,4 +2,4 @@
 02_require-cert-verification.patch
 03_force_setuptools.patch
 04_relax_nosetests_options.patch
-05_do-not-use-embedded-ssl-match-hostname.patch
+05_avoid-embedded-ssl-match-hostname.patch

SR

--- End Message ---

--- Begin Message ---

• To: Stefano Rivera <stefanor@debian.org>, 770099-done@bugs.debian.org
• Subject: Re: Bug#770099: unblock: python-urllib3/1.9.1-3
• From: Jonathan Wiltshire <jmw@debian.org>
• Date: Fri, 21 Nov 2014 13:26:41 +0000
• Message-id: <e933b00a6f18448a7efc1c82202b9bb5@hogwarts.powdarrmonkey.net>
• In-reply-to: <[🔎] 20141121003430.GS4220@bach.rivera.co.za>
• References: <[🔎] 20141118213507.GA18658@purcell.lan> <[🔎] 20141120222303.GM6216@lupin.home.powdarrmonkey.net> <[🔎] 20141121003430.GS4220@bach.rivera.co.za>

On 2014-11-21 00:34, Stefano Rivera wrote:

Hi Jonathan (2014.11.21_00:23:03_+0200)

Please go ahead.

Looks like Daniele already uploaded 1.9.1-3, with the inclusion of an
additional bug fix - #770246

Unblocked.

--
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

<directhex> i have six years of solaris sysadmin experience, from
            8->10. i am well qualified to say it is made from bonghits
			layered on top of bonghits

--- End Message ---