Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 985248 - transifex-client: use system python-backports-ssl_match_hostname
Summary: transifex-client: use system python-backports-ssl_match_hostname
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: transifex-client
Version: 20
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: ---
Assignee: Luis Bazan
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-07-17 07:34 UTC by Tomas Hoger
Modified: 2013-11-10 08:08 UTC (History)
5 users (show)

Fixed In Version: transifex-client-0.9-7.fc20
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-10-29 03:34:48 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Tomas Hoger 2013-07-17 07:34:52 UTC
Description of problem:
ssl_match_hostname is packaged in Fedora as python-backports-ssl_match_hostname.  It is available in all current Fedora versions and EPEL-6 (but not EPEL-5 currently, AFAICS).

Consider using python-backports-ssl_match_hostname where it's available.  It may be doable solely on the packaging level without modifying code - make txc packages require python-backports-ssl_match_hostname and packages symlinks to system ssl_match_hostname instead of actual files?

Version-Release number of selected component (if applicable):
transifex-client-0.9-1

Comment 1 Tomas Hoger 2013-07-17 07:39:25 UTC
(In reply to Tomas Hoger from comment #0)
> (but not EPEL-5 currently, AFAICS).

On the other hand, I'm not sure txc actually works on EPEL-5/RHEL-5.  tx imports ssl, and uses system python, which is 2.4.x.  ssl module is only available as of python 2.6:

http://docs.python.org/release/2.6/library/ssl.html

I've not tested, but it seems it should not work on EL5 at all.

Comment 2 Fedora Update System 2013-08-15 19:53:07 UTC
transifex-client-0.9-2.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/transifex-client-0.9-2.fc18

Comment 3 Fedora Update System 2013-08-15 19:53:19 UTC
transifex-client-0.9-2.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/transifex-client-0.9-2.el6

Comment 4 Fedora Update System 2013-08-15 19:53:28 UTC
transifex-client-0.9-2.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/transifex-client-0.9-2.fc19

Comment 5 Luis Bazan 2013-08-15 19:59:11 UTC
Hi Tomas

Could give karma for the update if it is working properly.

Regards!

Comment 6 Tomas Hoger 2013-08-16 07:38:46 UTC
(In reply to Luis Bazan from comment #5)
> Could give karma for the update if it is working properly.

I've never used transifex before, and it seems there's some effort needed to actually do real test (like getting transifex.com account).  I reported as I looked at the security report that triggered addition of the name check.

However, I did look at the fix that was applied:
http://pkgs.fedoraproject.org/cgit/transifex-client.git/commit/?h=f19&id=4fe62c0

I could not see how that should be sufficient to avoid using bundled version, so I dug deeper and found it does not help.  web.py does this to import match_hostname, so it will never try using version from the system python-backports-ssl_match_hostname package:

from txclib.packages.ssl_match_hostname import match_hostname

To quickly confirm, I used:

#!/usr/bin/python

from txclib.web import verify_ssl

verify_ssl("https://www.transifex.org/")

and got:

txclib.packages.ssl_match_hostname.CertificateError: hostname 'www.transifex.org' doesn't match either of '*.transifex.com', 'transifex.com'

So I think -1 karma for all (no-op change with an extra unused dependency).

Any thoughts on comment #1?

Comment 7 Fedora Update System 2013-08-16 19:54:05 UTC
Package transifex-client-0.9-2.el6:
* should fix your issue,
* was pushed to the Fedora EPEL 6 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing transifex-client-0.9-2.el6'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11248/transifex-client-0.9-2.el6
then log in and leave karma (feedback).

Comment 8 Fedora Update System 2013-08-24 22:25:35 UTC
transifex-client-0.9-2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2013-08-24 22:27:26 UTC
transifex-client-0.9-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Tomas Hoger 2013-08-26 05:57:57 UTC
Re-opening.  Comment 6 already explains why.  Not sure why this was pushed to stable even though this got a clear feedback that the change does not really change anything.

Comment 11 Fedora Update System 2013-08-26 13:25:34 UTC
transifex-client-0.9-3.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/transifex-client-0.9-3.fc18

Comment 12 Fedora Update System 2013-08-26 16:49:01 UTC
Package transifex-client-0.9-3.el6:
* should fix your issue,
* was pushed to the Fedora EPEL 6 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing transifex-client-0.9-3.el6'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11248/transifex-client-0.9-3.el6
then log in and leave karma (feedback).

Comment 13 Tomas Hoger 2013-08-27 05:02:23 UTC
Is the new update only meant to remove extra dependency?  Does it aim to fix the problem for which this bug was created?

Comment 14 Luis Bazan 2013-08-27 12:36:45 UTC
I am talking to upstream to see if I create a patch or directly corrected.

Best Regards!

Comment 15 Fedora End Of Life 2013-09-16 17:08:29 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 20 development cycle.
Changing version to '20'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora20

Comment 16 Fedora Update System 2013-10-10 20:24:30 UTC
transifex-client-0.9-4.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/transifex-client-0.9-4.fc18

Comment 17 Fedora Update System 2013-10-10 20:36:02 UTC
transifex-client-0.9-4.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/transifex-client-0.9-4.el6

Comment 18 Fedora Update System 2013-10-24 22:41:19 UTC
transifex-client-0.9-6.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/transifex-client-0.9-6.fc20

Comment 19 Fedora Update System 2013-10-24 22:44:16 UTC
transifex-client-0.9-6.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/transifex-client-0.9-6.fc19

Comment 20 Fedora Update System 2013-10-25 02:05:08 UTC
transifex-client-0.9-7.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/transifex-client-0.9-7.el6

Comment 21 Eduardo Echeverria 2013-10-28 20:56:02 UTC
Tomas, web.py has been changed for use system wide backports_ssl, Can you test it in order to close this bug?

Comment 22 Fedora Update System 2013-10-29 03:34:48 UTC
transifex-client-0.9-7.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 23 Tomas Hoger 2013-10-30 09:56:17 UTC
(In reply to Eduardo Echeverria from comment #21)
> Tomas, web.py has been changed for use system wide backports_ssl, Can you
> test it in order to close this bug?

I re-checked using test case form comment 6 and I'm getting exception form system backports-ssl-match_hostname module rather than tx bundled copy.

However, I noticed another problem, noted in bug 952194 comment 26.

Comment 24 Fedora Update System 2013-11-08 17:57:52 UTC
transifex-client-0.9-7.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 25 Fedora Update System 2013-11-10 08:08:08 UTC
transifex-client-0.9-7.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.