Ubuntu
python3-stdlib-extensions package

SRU: backport Python 3.9.5 to 20.04 LTS, 20.10 and 21.04

Bug #1899159 reported by Matthias Klose
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
python3-stdlib-extensions (Ubuntu)
Invalid
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned
Groovy
Fix Released
Undecided
Unassigned
Hirsute
Fix Released
Undecided
Unassigned
python3.9 (Ubuntu)
Invalid
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned
Groovy
Fix Released
Undecided
Unassigned
Hirsute
Fix Released
Undecided
Unassigned

Bug Description

Backport python 3.9.5 to groovy and focal.

Regression potential: ...

Validation: Test results show no regressions, and the archive test rebuild doesn't show any regressions.

Acceptance criteria:
 - 21.04: 3.9 is the default version. check test suite and autopkg test results
 - 20.04 LTS and 20.10: not used in the archive, just check test suite

It's a minor upstream update, consisting of:

Security
--------

- bpo-43434: Creating a :class:`sqlite3.Connection` object now also produces
  a ``sqlite3.connect`` :ref:`auditing event <auditing>`. Previously this
  event was only produced by :func:`sqlite3.connect` calls. Patch by Erlend
  E. Aasland.

- bpo-43882: The presence of newline or tab characters in parts of a URL
  could allow some forms of attacks.

  Following the controlling specification for URLs defined by WHATWG
  :func:`urllib.parse` now removes ASCII newlines and tabs from URLs,
  preventing such attacks.

- bpo-43472: Ensures interpreter-level audit hooks receive the
  ``cpython.PyInterpreterState_New`` event when called through the
  ``_xxsubinterpreters`` module.

- bpo-36384: :mod:`ipaddress` module no longer accepts any leading zeros in
  IPv4 address strings. Leading zeros are ambiguous and interpreted as octal
  notation by some libraries. For example the legacy function
  :func:`socket.inet_aton` treats leading zeros as octal notatation. glibc
  implementation of modern :func:`~socket.inet_pton` does not accept any
  leading zeros. For a while the :mod:`ipaddress` module used to accept
  ambiguous leading zeros.

- bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability
  in :class:`urllib.request.AbstractBasicAuthHandler`. The ReDoS-vulnerable
  regex has quadratic worst-case complexity and it allows cause a denial of
  service when identifying crafted invalid RFCs. This ReDoS issue is on the
  client side and needs remote attackers to control the HTTP server.

- bpo-42800: Audit hooks are now fired for frame.f_code, traceback.tb_frame,
  and generator code/frame attribute access.

Core and Builtins
-----------------

- bpo-43105: Importlib now resolves relative paths when creating module spec
  objects from file locations.

- bpo-42924: Fix ``bytearray`` repetition incorrectly copying data from the
  start of the buffer, even if the data is offset within the buffer (e.g.
  after reassigning a slice at the start of the ``bytearray`` to a shorter
  byte string).

Library
-------

- bpo-43993: Update bundled pip to 21.1.1.

- bpo-43937: Fixed the :mod:`turtle` module working with non-default root
  window.

- bpo-43930: Update bundled pip to 21.1 and setuptools to 56.0.0

- bpo-43920: OpenSSL 3.0.0: :meth:`~ssl.SSLContext.load_verify_locations`
  now returns a consistent error message when cadata contains no valid
  certificate.

- bpo-43607: :mod:`urllib` can now convert Windows paths with ``\\?\``
  prefixes into URL paths.

- bpo-43284: platform.win32_ver derives the windows version from
  sys.getwindowsversion().platform_version which in turn derives the version
  from kernel32.dll (which can be of a different version than Windows
  itself). Therefore change the platform.win32_ver to determine the version
  using the platform module's _syscmd_ver private function to return an
  accurate version.

- bpo-42248: [Enum] ensure exceptions raised in ``_missing__`` are released

- bpo-43799: OpenSSL 3.0.0: define ``OPENSSL_API_COMPAT`` 1.1.1 to suppress
  deprecation warnings. Python requires OpenSSL 1.1.1 APIs.

- bpo-43794: Add :data:`ssl.OP_IGNORE_UNEXPECTED_EOF` constants (OpenSSL
  3.0.0)

- bpo-43789: OpenSSL 3.0.0: Don't call the password callback function a
  second time when first call has signaled an error condition.

- bpo-43788: The header files for :mod:`ssl` error codes are now OpenSSL
  version-specific. Exceptions will now show correct reason and library
  codes. The ``make_ssl_data.py`` script has been rewritten to use OpenSSL's
  text file with error codes.

- bpo-43655: :mod:`tkinter` dialog windows are now recognized as dialogs by
  window managers on macOS and X Window.

- bpo-43534: :func:`turtle.textinput` and :func:`turtle.numinput` create now
  a transient window working on behalf of the canvas window.

- bpo-43522: Fix problem with
  :attr:`~ssl.SSLContext.hostname_checks_common_name`. OpenSSL does not copy
  hostflags from *struct SSL_CTX* to *struct SSL*.

- bpo-42967: Allow :class:`bytes` ``separator`` argument in
  ``urllib.parse.parse_qs`` and ``urllib.parse.parse_qsl`` when parsing
  :class:`str` query strings. Previously, this raised a ``TypeError``.

- bpo-43176: Fixed processing of a dataclass that inherits from a frozen
  dataclass with no fields. It is now correctly detected as an error.

- bpo-41735: Fix thread locks in zlib module may go wrong in rare case.
  Patch by Ma Lin.

- bpo-36470: Fix dataclasses with ``InitVar``\s and
  :func:`~dataclasses.replace()`. Patch by Claudiu Popa.

- bpo-32745: Fix a regression in the handling of ctypes'
  :data:`ctypes.c_wchar_p` type: embedded null characters would cause a
  :exc:`ValueError` to be raised. Patch by Zackery Spytz.

Documentation
-------------

- bpo-43959: The documentation on the PyContextVar C-API was clarified.

- bpo-43938: Update dataclasses documentation to express that
  FrozenInstanceError is derived from AttributeError.

- bpo-43755: Update documentation to reflect that unparenthesized lambda
  expressions can no longer be the expression part in an ``if`` clause in
  comprehensions and generator expressions since Python 3.9.

- bpo-43739: Fixing the example code in Doc/extending/extending.rst to
  declare and initialize the pmodule variable to be of the right type.

See original description

CVE References

Revision history for this message
Russell Green (rjgreen) wrote :

Hi,

This backport appears to have introduced a regression. Permissions of /usr/local/lib/python3.8/dist-packages changed, disallowing non root access breaking policyd-spf.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in python3-stdlib-extensions (Ubuntu):
status: New → Confirmed
Changed in python3.8 (Ubuntu):
status: New → Confirmed
Changed in python3.9 (Ubuntu):
status: New → Confirmed
Matthias Klose (doko)
summary: - SRU: backport Python 3.8.6 and 3.9.0 to 20.04 LTS
+ SRU: backport Python 3.9.5 to 20.04 LTS
no longer affects: python3.8 (Ubuntu)
Matthias Klose (doko)
description: updated
summary: - SRU: backport Python 3.9.5 to 20.04 LTS
+ SRU: backport Python 3.9.5 to 20.04 LTS, 20.10 and 21.04
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Considering that basically I consider Python as part of the 'toolchain package set' and this new upstream release carries some security fixes, should we maybe get this built against -security only and perform a binary sync into -proposed? I see we did that in the past.

Revision history for this message
Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello Matthias, or anyone else affected,

Accepted python3.9 into hirsute-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python3.9/3.9.5-3~21.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-hirsute to verification-done-hirsute. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-hirsute. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in python3.9 (Ubuntu Hirsute):
status: New → Fix Committed
tags: added: verification-needed verification-needed-hirsute
Changed in python3-stdlib-extensions (Ubuntu Hirsute):
status: New → Fix Committed
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Matthias, or anyone else affected,

Accepted python3-stdlib-extensions into hirsute-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python3-stdlib-extensions/3.9.5-0ubuntu3~21.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-hirsute to verification-done-hirsute. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-hirsute. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in python3-stdlib-extensions (Ubuntu):
status: Confirmed → Invalid
Changed in python3.9 (Ubuntu):
status: Confirmed → Invalid
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Matthias, or anyone else affected,

Accepted python3.9 into groovy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python3.9/3.9.5-3~20.10 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-groovy to verification-done-groovy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-groovy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in python3.9 (Ubuntu Groovy):
status: New → Fix Committed
tags: added: verification-needed-groovy
Changed in python3-stdlib-extensions (Ubuntu Groovy):
status: New → Fix Committed
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Matthias, or anyone else affected,

Accepted python3-stdlib-extensions into groovy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python3-stdlib-extensions/3.8.10-0ubuntu1~20.10 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-groovy to verification-done-groovy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-groovy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in python3-stdlib-extensions (Ubuntu Focal):
status: New → Fix Committed
tags: added: verification-needed-focal
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Matthias, or anyone else affected,

Accepted python3-stdlib-extensions into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python3-stdlib-extensions/3.8.10-0ubuntu1~20.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in python3.9 (Ubuntu Focal):
status: New → Fix Committed
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Matthias, or anyone else affected,

Accepted python3.9 into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python3.9/3.9.5-3~20.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (python3.9/3.9.5-3~20.10)

All autopkgtests for the newly accepted python3.9 (3.9.5-3~20.10) for groovy have finished running.
The following regressions have been reported in tests triggered by the package:

python3.9/3.9.5-3~20.10 (arm64, armhf, s390x, amd64, ppc64el)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/groovy/update_excuses.html#python3.9

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (python3.9/3.9.5-3~20.04)

All autopkgtests for the newly accepted python3.9 (3.9.5-3~20.04) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

python3.9/3.9.5-3~20.04 (amd64, ppc64el, arm64, armhf, s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#python3.9

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (python3-stdlib-extensions/3.8.10-0ubuntu1~20.04)

All autopkgtests for the newly accepted python3-stdlib-extensions (3.8.10-0ubuntu1~20.04) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

python3.8/3.8.5-1~20.04.2 (ppc64el, amd64, armhf, s390x, arm64)
python3.9/3.9.5-3~20.04 (armhf, ppc64el, amd64, s390x, arm64)
udisks2/2.8.4-1ubuntu1 (arm64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#python3-stdlib-extensions

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (python3-stdlib-extensions/3.8.10-0ubuntu1~20.10)

All autopkgtests for the newly accepted python3-stdlib-extensions (3.8.10-0ubuntu1~20.10) for groovy have finished running.
The following regressions have been reported in tests triggered by the package:

sshuttle/1.0.4-1ubuntu4 (s390x)
pandas/1.0.5+dfsg-3 (arm64, armhf, amd64, ppc64el, s390x)
python3.9/3.9.5-3~20.10 (s390x, ppc64el, armhf)
python3.9/3.9.0-5 (arm64, amd64)
libflame/5.2.0-2 (amd64)
python3.8/3.8.6-1ubuntu0.2 (arm64, armhf, amd64, ppc64el, s390x)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/groovy/update_excuses.html#python3-stdlib-extensions

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (python3-stdlib-extensions/3.9.5-0ubuntu3~21.04)

All autopkgtests for the newly accepted python3-stdlib-extensions (3.9.5-0ubuntu3~21.04) for hirsute have finished running.
The following regressions have been reported in tests triggered by the package:

python-pip/20.3.4-1ubuntu2 (arm64)
sshuttle/1.0.4-1ubuntu4 (amd64, ppc64el, arm64)
statsmodels/0.12.2-1 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/hirsute/update_excuses.html#python3-stdlib-extensions

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Matthias Klose (doko) wrote :

hirsute:

tests look ok, the remaining failures are sshuttle and libreoffice autopkg test failures, usually ignored, may succeed after several retries mainly caused by timeouts.

Revision history for this message
Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello Matthias, or anyone else affected,

Accepted python3.9 into groovy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python3.9/3.9.5-3~20.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-groovy to verification-done-groovy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-groovy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Matthias, or anyone else affected,

Accepted python3.9 into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python3.9/3.9.5-3~20.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (python3.9/3.9.5-3~20.04)

All autopkgtests for the newly accepted python3.9 (3.9.5-3~20.04) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

python3.9/3.9.5-3~20.04 (s390x, amd64, arm64, armhf, ppc64el)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#python3.9

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (python3.9/3.9.5-3~20.04.1)

All autopkgtests for the newly accepted python3.9 (3.9.5-3~20.04.1) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

python3.9/3.9.5-3~20.04.1 (arm64, amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#python3.9

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Matthias Klose (doko) wrote :

all autopkg tests triggered by python3.9 pass, all autopkg tests triggered by python3-stdlib-extensions pass. except for

1 test failed:
    test_ttk_textonly

this test is already ignored for python3.9, and also will be ignored with the pending update of 3.8 to 3.8.10, tracked in LP: #1928057. Suggesting to ignore that one here, the Tcl/Tk bindings are not much in use, and checked that idle continues to work with the update.

tags: added: verification-done verification-done-focal verification-done-groovy verification-done-hirsute
removed: verification-needed verification-needed-focal verification-needed-groovy verification-needed-hirsute
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python3.9 - 3.9.5-3~21.04

---------------
python3.9 (3.9.5-3~21.04) hirsute; urgency=medium

  * SRU: LP: #1899159: Backport Python 3.9.5 to 21.04.

 -- Matthias Klose <email address hidden> Tue, 11 May 2021 10:20:37 +0200

Changed in python3.9 (Ubuntu Hirsute):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python3-stdlib-extensions - 3.9.5-0ubuntu3~21.04

---------------
python3-stdlib-extensions (3.9.5-0ubuntu3~21.04) hirsute; urgency=medium

  * SRU: LP: #1899159: Backport Python 3.9.5 to 21.04.

 -- Matthias Klose <email address hidden> Tue, 11 May 2021 10:35:23 +0200

Changed in python3-stdlib-extensions (Ubuntu Hirsute):
status: Fix Committed → Fix Released
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for python3.9 has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Ok, I also see pandas ADT tests failing for groovy, but those seem to have been failing since a while already. Let me hint those.

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (4.2 KiB)

This bug was fixed in the package python3.9 - 3.9.5-3~20.10.1

---------------
python3.9 (3.9.5-3~20.10.1) groovy; urgency=medium

  * SRU: LP: #1899159: Backport Python 3.9.5 to 20.10.
  * Adjust python3-tk autopkg test dependency to the version found
    in the release.

python3.9 (3.9.5-3) experimental; urgency=medium

  * Tighten python3-tk autopkg test dependency.
  * Try to detect whether python3-venv is missing (Stefano Rivera).
    Closes: #977887.

python3.9 (3.9.5-2) experimental; urgency=medium

  * Re-add the dependency on libdb-dev. With Python 3.10, building
    the _dbm extension using libgdbm-compat-dev, and moving the _dbm
    extension into the python3-gdbm package.
  * Call python with -S when checking the minimal set of modules.

python3.9 (3.9.5-1) experimental; urgency=medium

  * Python 3.9.5 release.
  * Refresh patches.
  * Drop the unused build dependency on libdb-dev.

python3.9 (3.9.4-1) experimental; urgency=medium

  * Python 3.9.4 release.

python3.9 (3.9.3-2) experimental; urgency=high

  * Fix flags substitutions for _sysconfigdata.
  * Revert the fix for issue #42500, breaking ABI on 32bit architectures.

python3.9 (3.9.3-1) experimental; urgency=medium

  * Python 3.9.3 release.
    - Fix issue #42988: CVE-2021-3426: Remove the getfile feature of the
      pydoc module which could be abused to read arbitrary files on the
      disk (directory traversal vulnerability).
    - Other security issues without a CVE.
    - Other fixes. See the NEWS file.
  * Move zlib1g-dev dependency to libpython3.9-dev. Closes: #984580.
  * Configure with --libdir=/usr/lib/$(DEB_HOST_MULTIARCH), recording the
    correct LIBDIR in _sysconfigdata. Also adjust DESTSHARED to install
    lib-dynload into the same location as before the configure change.
    See issue #43229.

python3.9 (3.9.2-1) unstable; urgency=medium

  * Python 3.9.2 release. No changes since 3.9.2~rc1-1.
  * Build idlelib/help.html from source, don't ship the pre-generated file.
  * Autopkg tests:
    - Run testsuite{,-dbg} autopkg tests with allow-stderr. Closes: #983305.
    - Run again in testsuite instead of failing-tests: test_ftplib,
      test_httplib test_imaplib test_nntplib test_poplib test_ssl.
    - Run test_distutils and test_site tests again.

python3.9 (3.9.2~rc1-1) experimental; urgency=medium

  * Python 3.9.2 release candidate 1. Changes since 3.9.1-4:
    - Fix issue #42967, web cache poisoning vulnerability.
    - Fix issue #42938, explicitly disable bracketed paste in the interactive
      interpreter. Closes: #979154.
  * Fix permissions and group for local directories. Closes: #962422.
  * Build a python3.9-full package.
  * idle-python3.9: Drop dependency on libjs-mathjax, unused in 3.8 and 3.9.
  * python3.9-doc: Fix links to the documentation in /usr/share/doc/python3.9.
  * Refresh patches.

python3.9 (3.9.1-4) unstable; urgency=medium

  * Update to the 3.9 branch 2021-02-04.
  * Fix issue #43030, compiler warning in Py_UNICODE_ISSPACE with
    signed wchar_t. Closes: #961396.
  * Depend on media-types instead of mime-support. Closes: #981016.
  * Fix permissions and group for local directories. Closes: #962422.

python3.9 (3.9.1-3)...

Read more...

Changed in python3.9 (Ubuntu Groovy):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python3-stdlib-extensions - 3.8.10-0ubuntu1~20.10

---------------
python3-stdlib-extensions (3.8.10-0ubuntu1~20.10) groovy; urgency=medium

  * SRU: LP: #1899159: Backport Python 3.9.5 to 20.10.

 -- Matthias Klose <email address hidden> Tue, 11 May 2021 10:35:23 +0200

Changed in python3-stdlib-extensions (Ubuntu Groovy):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (4.2 KiB)

This bug was fixed in the package python3.9 - 3.9.5-3~20.04.1

---------------
python3.9 (3.9.5-3~20.04.1) focal; urgency=medium

  * SRU: LP: #1899159: Backport Python 3.9.5 to 20.04 LTS.
  * Adjust python3-tk autopkg test dependency to the version found
    in the release.

python3.9 (3.9.5-3) experimental; urgency=medium

  * Tighten python3-tk autopkg test dependency.
  * Try to detect whether python3-venv is missing (Stefano Rivera).
    Closes: #977887.

python3.9 (3.9.5-2) experimental; urgency=medium

  * Re-add the dependency on libdb-dev. With Python 3.10, building
    the _dbm extension using libgdbm-compat-dev, and moving the _dbm
    extension into the python3-gdbm package.
  * Call python with -S when checking the minimal set of modules.

python3.9 (3.9.5-1) experimental; urgency=medium

  * Python 3.9.5 release.
  * Refresh patches.
  * Drop the unused build dependency on libdb-dev.

python3.9 (3.9.4-1) experimental; urgency=medium

  * Python 3.9.4 release.

python3.9 (3.9.3-2) experimental; urgency=high

  * Fix flags substitutions for _sysconfigdata.
  * Revert the fix for issue #42500, breaking ABI on 32bit architectures.

python3.9 (3.9.3-1) experimental; urgency=medium

  * Python 3.9.3 release.
    - Fix issue #42988: CVE-2021-3426: Remove the getfile feature of the
      pydoc module which could be abused to read arbitrary files on the
      disk (directory traversal vulnerability).
    - Other security issues without a CVE.
    - Other fixes. See the NEWS file.
  * Move zlib1g-dev dependency to libpython3.9-dev. Closes: #984580.
  * Configure with --libdir=/usr/lib/$(DEB_HOST_MULTIARCH), recording the
    correct LIBDIR in _sysconfigdata. Also adjust DESTSHARED to install
    lib-dynload into the same location as before the configure change.
    See issue #43229.

python3.9 (3.9.2-1) unstable; urgency=medium

  * Python 3.9.2 release. No changes since 3.9.2~rc1-1.
  * Build idlelib/help.html from source, don't ship the pre-generated file.
  * Autopkg tests:
    - Run testsuite{,-dbg} autopkg tests with allow-stderr. Closes: #983305.
    - Run again in testsuite instead of failing-tests: test_ftplib,
      test_httplib test_imaplib test_nntplib test_poplib test_ssl.
    - Run test_distutils and test_site tests again.

python3.9 (3.9.2~rc1-1) experimental; urgency=medium

  * Python 3.9.2 release candidate 1. Changes since 3.9.1-4:
    - Fix issue #42967, web cache poisoning vulnerability.
    - Fix issue #42938, explicitly disable bracketed paste in the interactive
      interpreter. Closes: #979154.
  * Fix permissions and group for local directories. Closes: #962422.
  * Build a python3.9-full package.
  * idle-python3.9: Drop dependency on libjs-mathjax, unused in 3.8 and 3.9.
  * python3.9-doc: Fix links to the documentation in /usr/share/doc/python3.9.
  * Refresh patches.

python3.9 (3.9.1-4) unstable; urgency=medium

  * Update to the 3.9 branch 2021-02-04.
  * Fix issue #43030, compiler warning in Py_UNICODE_ISSPACE with
    signed wchar_t. Closes: #961396.
  * Depend on media-types instead of mime-support. Closes: #981016.
  * Fix permissions and group for local directories. Closes: #962422.

python3.9 (3.9.1...

Read more...

Changed in python3.9 (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python3-stdlib-extensions - 3.8.10-0ubuntu1~20.04

---------------
python3-stdlib-extensions (3.8.10-0ubuntu1~20.04) focal; urgency=medium

  * SRU: LP: #1899159: Backport Python 3.9.5 to 20.04 LTS.

 -- Matthias Klose <email address hidden> Tue, 11 May 2021 10:35:23 +0200

Changed in python3-stdlib-extensions (Ubuntu Focal):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Bug attachments

Remote bug watches

Bug watches keep track of this bug in other bug trackers.