
Bug 624476

Summary: dev-python/httplib2: Uses own bundled CA Store
Product: Gentoo Security Reporter: Kristian Fiskerstrand (RETIRED) <k_f>
Component: Auditing Assignee: Python Gentoo Team <python>
Status: RESOLVED FIXED    
Severity: normal CC: security-audit
Priority: Normal Keywords: InVCS, PATCH
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=624450
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 624450    
Bug Blocks:    

Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-07-10 17:07:13 UTC
dev-python/httplib2 uses its own bundled CA store; this should be unbundled, similar to what is being done by Debian: https://sources.debian.net/src/python-httplib2/0.9.2%2Bdfsg-1/debian/patches/use_system_cacerts.patch/

The patch can be used verbatim, with /etc/ssl/certs/ca-certificates.crt being provided by app-misc/ca-certificates.

This enhances both security, by providing one CA store to maintain properly, and usability (the separate CA store was detected due to the issue in bug 624450).
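
An added example, not part of the original bug report or of httplib2's code: an audit helper that walks a directory tree (for instance a Python site-packages directory) and reports files holding several PEM certificates that are private copies rather than links to the system store. The sample tree, its file names and the helper names are constructed for illustration; the system store path is the one named in the report.

```python
import os
import tempfile

PEM_MARKER = b"-----BEGIN CERTIFICATE-----"
# Path named in the bug report (provided by app-misc/ca-certificates).
SYSTEM_STORE = "/etc/ssl/certs/ca-certificates.crt"


def count_certs(path, limit=8 * 1024 * 1024):
    """Number of PEM certificates in a file; 0 if unreadable or oversized."""
    try:
        if not os.path.isfile(path) or os.path.getsize(path) > limit:
            return 0
        with open(path, "rb") as fh:
            return fh.read().count(PEM_MARKER)
    except OSError:
        return 0


def find_bundled_ca_stores(root, system_store=SYSTEM_STORE, min_certs=2):
    """List (path, cert_count) for private CA bundles found under root."""
    system_real = os.path.realpath(system_store)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # A symlink resolving to the system store is the unbundled state.
            if os.path.realpath(path) == system_real:
                continue
            n = count_certs(path)
            if n >= min_certs:
                findings.append((path, n))
    return sorted(findings)


def make_constructed_tree():
    """Constructed sample: a package directory shipping its own store."""
    pkg = os.path.join(tempfile.mkdtemp(), "httplib2")
    os.makedirs(pkg)
    cert = PEM_MARKER + b"\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
    for name, copies in (("cacerts.txt", 3), ("single.pem", 1)):
        with open(os.path.join(pkg, name), "wb") as fh:
            fh.write(cert * copies)
    return os.path.dirname(pkg)


if __name__ == "__main__":
    for path, n in find_bundled_ca_stores(make_constructed_tree()):
        print(f"{n:4d} certs  {path}")
```

A file with a single certificate is ignored, since one pinned certificate is not a CA store; lower `min_certs` to 1 to list those as well.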
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-07-11 21:25:37 UTC
PR: https://github.com/gentoo/gentoo/pull/5092
Comment 3 Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-07-13 18:55:21 UTC
Re-opening as it isn't yet in stable
Comment 4 Virgil Dupras (RETIRED) gentoo-dev 2019-02-20 20:26:42 UTC
httplib2-0.10.3-r1 is now the oldest version in tree and is stable.