Bug 983582 - Python3 issues with distributed version 3.4.1
Python3 issues with distributed version 3.4.1
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Other
Leap 42.1
x86-64 openSUSE 42.1
: P5 - None : Normal (vote)
: ---
Assigned To: Jan Matejek
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-06-07 19:36 UTC by Hans-Peter Jansen
Modified: 2021-10-22 08:45 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
Prioritize lowercase proxy variables in urllib.request (6.87 KB, patch)
2016-06-15 11:40 UTC, Hans-Peter Jansen
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Hans-Peter Jansen 2016-06-07 19:36:30 UTC
User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:46.0) Gecko/20100101 Firefox/46.0
Build Identifier: 

There are a couple of issues related to the old Python 3.4.1 versions of 13.2 and 42.1, most importantly the ssl related changes, but there are ugly issues resulting in segfaults, too: http://bugs.python.org/issue21897 (this one has bitten me badly)

I've prepared an updated package 3.4.4 in home:frispete:python3 and addressed all issues. that Jan Matejek raised:
https://build.opensuse.org/package/show/home:frispete:python3/python3

So before things bit rot again, please consider an update. 

Reproducible: Always
Comment 1 Jan Matejek 2016-06-08 13:57:46 UTC
hello,
thank you for opening the issue and pinging me this way :)

I have now finished reviewing the modifications you made to the CGIHTTPServer patch, because they looked wrong. I have discovered that even though the patch applies, the CVE issue in question was in fact already fixed in 3.4.4, albeit in a different way.

Reapplying the old patch caused a different test to fail, and combined with a bug in the unittest module, this produced a spurious-looking failure.

The correct thing to do is to drop the CGIHTTPServer patch completely.

Please do that, and then feel free to submit a maintenance request to Leap and 13.2, i will accept the reviews.
Comment 2 Jan Matejek 2016-06-15 09:32:18 UTC
Let's wait for Python 3.4.5 release for this. It is scheduled for June 26.
Comment 3 Hans-Peter Jansen 2016-06-15 11:40:11 UTC
Created attachment 680889 [details]
Prioritize lowercase proxy variables in urllib.request

Fine with me.

Meanwhile, would you kindly review the patch at 

    https://hg.python.org/cpython/rev/49b975122022/

fixing

   http://bugs.python.org/issue26804

please?

Will attach it here, too.

Since it is not security related, it is not supposed for 3.4.5, but it is nagging me significantly, therefore I fixed it. It will appear in the next 3.5 and 2.7 series.
Comment 4 Jan Matejek 2016-06-30 13:54:49 UTC
Python 3.4.5 is out, so feel free to continue with the process.

you can include your patch in the maintenance update for 13.2 and Leap 42.1. It probably won't get into SLE, but you don't need to care about that :)

with your last submission, there were some broken changelogs. I recommend checking out clean versions of the packages from 13.2 and Leap, copying them over, and ensuring that all your entries are only added on top of the changelog.
Comment 5 Swamp Workflow Management 2016-08-19 17:12:20 UTC
openSUSE-SU-2016:2120-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 935856,951166,983582,984751,985177,985348,989523
CVE References: CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699
Sources used:
openSUSE Leap 42.1 (src):    python3-3.4.5-8.1, python3-base-3.4.5-8.1, python3-doc-3.4.5-8.1
openSUSE 13.2 (src):    python3-3.4.5-4.4.1, python3-base-3.4.5-4.4.1, python3-doc-3.4.5-4.4.1
Comment 6 Andreas Stieger 2016-10-26 13:23:00 UTC
Anything left to do here?
Comment 7 Hans-Peter Jansen 2016-10-26 13:52:04 UTC
No, thanks for the note.

It was a pleasure to work with you all on this.
Comment 8 Swamp Workflow Management 2016-10-26 16:26:04 UTC
SUSE-SU-2016:2653-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 951166,983582,984751,985177,985348,989523,991069
CVE References: CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    python3-base-3.4.5-17.1
SUSE Linux Enterprise Server 12-SP1 (src):    python3-3.4.5-17.1, python3-base-3.4.5-17.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    python3-3.4.5-17.1, python3-base-3.4.5-17.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    python3-3.4.5-17.1, python3-base-3.4.5-17.1
Comment 9 Swamp Workflow Management 2016-11-18 15:08:07 UTC
SUSE-SU-2016:2859-1: An update that solves four vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 951166,983582,984751,985177,985348,989523,991069
CVE References: CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    python3-base-3.4.5-19.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    python3-3.4.5-19.1, python3-base-3.4.5-19.1
SUSE Linux Enterprise Server 12-SP2 (src):    python3-3.4.5-19.1, python3-base-3.4.5-19.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    python3-3.4.5-19.1, python3-base-3.4.5-19.1
Comment 15 Swamp Workflow Management 2020-01-16 14:18:15 UTC
SUSE-SU-2020:0114-1: An update that solves 26 vulnerabilities and has 30 fixes is now available.

Category: security (important)
Bug References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2, python3-doc-3.6.10-3.42.3
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2, python3-doc-3.6.10-3.42.3
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    python3-base-3.6.10-3.42.2
SUSE Linux Enterprise Module for Development Tools 15 (src):    python3-base-3.6.10-3.42.2
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2
SUSE Linux Enterprise Module for Basesystem 15 (src):    python3-3.6.10-3.42.2, python3-base-3.6.10-3.42.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Swamp Workflow Management 2020-01-21 20:20:55 UTC
openSUSE-SU-2020:0086-1: An update that solves 26 vulnerabilities and has 30 fixes is now available.

Category: security (important)
Bug References: 1027282,1029377,1029902,1040164,1042670,1070853,1079761,1081750,1083507,1086001,1088004,1088009,1088573,1094814,1107030,1109663,1109847,1120644,1122191,1129346,1130840,1133452,1137942,1138459,1141853,1149121,1149792,1149955,1151490,1153238,1159035,1159622,637176,658604,673071,709442,743787,747125,751718,754447,754677,787526,809831,831629,834601,871152,885662,885882,917607,942751,951166,983582,984751,985177,985348,989523
CVE References: CVE-2011-3389,CVE-2011-4944,CVE-2012-0845,CVE-2012-1150,CVE-2013-1752,CVE-2013-4238,CVE-2014-2667,CVE-2014-4650,CVE-2016-0772,CVE-2016-1000110,CVE-2016-5636,CVE-2016-5699,CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-1061,CVE-2018-14647,CVE-2018-20406,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-16935,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947
Sources used:
openSUSE Leap 15.1 (src):    python3-3.6.10-lp151.6.7.1, python3-base-3.6.10-lp151.6.7.1
Comment 17 Swamp Workflow Management 2020-02-03 17:14:46 UTC
SUSE-SU-2020:0302-1: An update that solves 10 vulnerabilities and has 11 fixes is now available.

Category: security (important)
Bug References: 1027282,1029377,1081750,1083507,1086001,1088009,1094814,1109663,1137942,1138459,1141853,1149121,1149429,1149792,1149955,1151490,1159035,1159622,709442,951166,983582
CVE References: CVE-2017-18207,CVE-2018-1000802,CVE-2018-1060,CVE-2018-20852,CVE-2019-10160,CVE-2019-15903,CVE-2019-16056,CVE-2019-5010,CVE-2019-9636,CVE-2019-9947
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src):    python36-3.6.10-4.3.5, python36-base-3.6.10-4.3.5

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 23 OBSbugzilla Bot 2020-11-27 16:45:30 UTC
This is an autogenerated message for OBS integration:
This bug (983582) was mentioned in
https://build.opensuse.org/request/show/851367 Factory / python36
Comment 25 OBSbugzilla Bot 2020-12-01 18:25:39 UTC
This is an autogenerated message for OBS integration:
This bug (983582) was mentioned in
https://build.opensuse.org/request/show/852415 Factory / python36
Comment 27 OBSbugzilla Bot 2020-12-05 17:35:23 UTC
This is an autogenerated message for OBS integration:
This bug (983582) was mentioned in
https://build.opensuse.org/request/show/853277 Factory / python36
Comment 28 OBSbugzilla Bot 2020-12-05 19:15:38 UTC
This is an autogenerated message for OBS integration:
This bug (983582) was mentioned in
https://build.opensuse.org/request/show/853314 Factory / python36
Comment 31 OBSbugzilla Bot 2020-12-17 18:15:48 UTC
This is an autogenerated message for OBS integration:
This bug (983582) was mentioned in
https://build.opensuse.org/request/show/856737 Factory / python36
Comment 32 OBSbugzilla Bot 2021-10-06 14:45:25 UTC
This is an autogenerated message for OBS integration:
This bug (983582) was mentioned in
https://build.opensuse.org/request/show/923499 Factory / python36
Comment 33 OBSbugzilla Bot 2021-10-22 08:45:44 UTC
This is an autogenerated message for OBS integration:
This bug (983582) was mentioned in
https://build.opensuse.org/request/show/926876 Factory / python36