2020-10-09 11:56:53 |
Matthias Klose |
bug |
|
|
added bug |
2020-10-09 11:57:02 |
Matthias Klose |
bug task added |
|
python3.9 (Ubuntu) |
|
2020-10-09 11:57:13 |
Matthias Klose |
bug task added |
|
python3-stdlib-extensions (Ubuntu) |
|
2020-10-13 20:20:36 |
Russell Green |
attachment added |
|
1899159 https://bugs.launchpad.net/ubuntu/+source/python3.8/+bug/1899159/+attachment/5421845/+files/1899159 |
|
2020-10-13 20:22:01 |
Launchpad Janitor |
python3-stdlib-extensions (Ubuntu): status |
New |
Confirmed |
|
2020-10-13 20:22:01 |
Launchpad Janitor |
python3.8 (Ubuntu): status |
New |
Confirmed |
|
2020-10-13 20:22:01 |
Launchpad Janitor |
python3.9 (Ubuntu): status |
New |
Confirmed |
|
2021-05-11 08:09:00 |
Matthias Klose |
summary |
SRU: backport Python 3.8.6 and 3.9.0 to 20.04 LTS |
SRU: backport Python 3.9.5 to 20.04 LTS |
|
2021-05-11 08:09:10 |
Matthias Klose |
bug task deleted |
python3.8 (Ubuntu) |
|
|
2021-05-11 08:11:38 |
Matthias Klose |
nominated for series |
|
Ubuntu Focal |
|
2021-05-11 08:11:38 |
Matthias Klose |
bug task added |
|
python3-stdlib-extensions (Ubuntu Focal) |
|
2021-05-11 08:11:38 |
Matthias Klose |
bug task added |
|
python3.9 (Ubuntu Focal) |
|
2021-05-11 08:11:38 |
Matthias Klose |
nominated for series |
|
Ubuntu Hirsute |
|
2021-05-11 08:11:38 |
Matthias Klose |
bug task added |
|
python3-stdlib-extensions (Ubuntu Hirsute) |
|
2021-05-11 08:11:38 |
Matthias Klose |
bug task added |
|
python3.9 (Ubuntu Hirsute) |
|
2021-05-11 08:11:38 |
Matthias Klose |
nominated for series |
|
Ubuntu Groovy |
|
2021-05-11 08:11:38 |
Matthias Klose |
bug task added |
|
python3-stdlib-extensions (Ubuntu Groovy) |
|
2021-05-11 08:11:38 |
Matthias Klose |
bug task added |
|
python3.9 (Ubuntu Groovy) |
|
2021-05-11 08:27:13 |
Matthias Klose |
description |
Backport python 3.8.6 and 3.9.0 to focal.
Regression potential: ...
Validation: Test results show no regressions, and the archive test rebuild doesn't show any regressions. |
Backport python 3.8.6 and 3.9.0 to focal.
Regression potential: ...
Validation: Test results show no regressions, and the archive test rebuild doesn't show any regressions.
Acceptance criteria:
- 21.04: 3.9 is the default version. check test suite and autopkg test results
- 20.04 LTS and 20.10: not used in the archive, just check test suite
It's a minor upstream update, consisting of:
Security
--------
- bpo-43434: Creating a :class:`sqlite3.Connection` object now also produces
a ``sqlite3.connect`` :ref:`auditing event <auditing>`. Previously this
event was only produced by :func:`sqlite3.connect` calls. Patch by Erlend
E. Aasland.
- bpo-43882: The presence of newline or tab characters in parts of a URL
could allow some forms of attacks.
Following the controlling specification for URLs defined by WHATWG
:func:`urllib.parse` now removes ASCII newlines and tabs from URLs,
preventing such attacks.
- bpo-43472: Ensures interpreter-level audit hooks receive the
``cpython.PyInterpreterState_New`` event when called through the
``_xxsubinterpreters`` module.
- bpo-36384: :mod:`ipaddress` module no longer accepts any leading zeros in
IPv4 address strings. Leading zeros are ambiguous and interpreted as octal
notation by some libraries. For example the legacy function
:func:`socket.inet_aton` treats leading zeros as octal notation. glibc
implementation of modern :func:`~socket.inet_pton` does not accept any
leading zeros. For a while the :mod:`ipaddress` module used to accept
ambiguous leading zeros.
- bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability
in :class:`urllib.request.AbstractBasicAuthHandler`. The ReDoS-vulnerable
regex has quadratic worst-case complexity and it can cause a denial of
service when identifying crafted invalid RFCs. This ReDoS issue is on the
client side and needs remote attackers to control the HTTP server.
- bpo-42800: Audit hooks are now fired for frame.f_code, traceback.tb_frame,
and generator code/frame attribute access.
Core and Builtins
-----------------
- bpo-43105: Importlib now resolves relative paths when creating module spec
objects from file locations.
- bpo-42924: Fix ``bytearray`` repetition incorrectly copying data from the
start of the buffer, even if the data is offset within the buffer (e.g.
after reassigning a slice at the start of the ``bytearray`` to a shorter
byte string).
Library
-------
- bpo-43993: Update bundled pip to 21.1.1.
- bpo-43937: Fixed the :mod:`turtle` module working with non-default root
window.
- bpo-43930: Update bundled pip to 21.1 and setuptools to 56.0.0
- bpo-43920: OpenSSL 3.0.0: :meth:`~ssl.SSLContext.load_verify_locations`
now returns a consistent error message when cadata contains no valid
certificate.
- bpo-43607: :mod:`urllib` can now convert Windows paths with ``\\?\``
prefixes into URL paths.
- bpo-43284: platform.win32_ver derives the Windows version from
sys.getwindowsversion().platform_version which in turn derives the version
from kernel32.dll (which can be of a different version than Windows
itself). Therefore change the platform.win32_ver to determine the version
using the platform module's _syscmd_ver private function to return an
accurate version.
- bpo-42248: [Enum] ensure exceptions raised in ``_missing_`` are released
- bpo-43799: OpenSSL 3.0.0: define ``OPENSSL_API_COMPAT`` 1.1.1 to suppress
deprecation warnings. Python requires OpenSSL 1.1.1 APIs.
- bpo-43794: Add :data:`ssl.OP_IGNORE_UNEXPECTED_EOF` constants (OpenSSL
3.0.0)
- bpo-43789: OpenSSL 3.0.0: Don't call the password callback function a
second time when first call has signaled an error condition.
- bpo-43788: The header files for :mod:`ssl` error codes are now OpenSSL
version-specific. Exceptions will now show correct reason and library
codes. The ``make_ssl_data.py`` script has been rewritten to use OpenSSL's
text file with error codes.
- bpo-43655: :mod:`tkinter` dialog windows are now recognized as dialogs by
window managers on macOS and X Window.
- bpo-43534: :func:`turtle.textinput` and :func:`turtle.numinput` now create
a transient window working on behalf of the canvas window.
- bpo-43522: Fix problem with
:attr:`~ssl.SSLContext.hostname_checks_common_name`. OpenSSL does not copy
hostflags from *struct SSL_CTX* to *struct SSL*.
- bpo-42967: Allow :class:`bytes` ``separator`` argument in
``urllib.parse.parse_qs`` and ``urllib.parse.parse_qsl`` when parsing
:class:`str` query strings. Previously, this raised a ``TypeError``.
- bpo-43176: Fixed processing of a dataclass that inherits from a frozen
dataclass with no fields. It is now correctly detected as an error.
- bpo-41735: Fix thread locks in the zlib module that may go wrong in rare cases.
Patch by Ma Lin.
- bpo-36470: Fix dataclasses with ``InitVar``\s and
:func:`~dataclasses.replace()`. Patch by Claudiu Popa.
- bpo-32745: Fix a regression in the handling of ctypes'
:data:`ctypes.c_wchar_p` type: embedded null characters would cause a
:exc:`ValueError` to be raised. Patch by Zackery Spytz.
Documentation
-------------
- bpo-43959: The documentation on the PyContextVar C-API was clarified.
- bpo-43938: Update dataclasses documentation to express that
FrozenInstanceError is derived from AttributeError.
- bpo-43755: Update documentation to reflect that unparenthesized lambda
expressions can no longer be the expression part in an ``if`` clause in
comprehensions and generator expressions since Python 3.9.
- bpo-43739: Fixing the example code in Doc/extending/extending.rst to
declare and initialize the pmodule variable to be of the right type. |
|
2021-05-11 08:29:17 |
Matthias Klose |
summary |
SRU: backport Python 3.9.5 to 20.04 LTS |
SRU: backport Python 3.9.5 to 20.04 LTS, 20.10 and 21.04 |
|
2021-05-18 07:18:14 |
Łukasz Zemczak |
python3.9 (Ubuntu Hirsute): status |
New |
Fix Committed |
|
2021-05-18 07:18:16 |
Łukasz Zemczak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2021-05-18 07:18:21 |
Łukasz Zemczak |
bug |
|
|
added subscriber SRU Verification |
2021-05-18 07:18:25 |
Łukasz Zemczak |
tags |
|
verification-needed verification-needed-hirsute |
|
2021-05-18 07:19:06 |
Łukasz Zemczak |
python3-stdlib-extensions (Ubuntu Hirsute): status |
New |
Fix Committed |
|
2021-05-18 07:19:37 |
Łukasz Zemczak |
python3-stdlib-extensions (Ubuntu): status |
Confirmed |
Invalid |
|
2021-05-18 07:19:41 |
Łukasz Zemczak |
python3.9 (Ubuntu): status |
Confirmed |
Invalid |
|
2021-05-18 07:26:50 |
Łukasz Zemczak |
python3.9 (Ubuntu Groovy): status |
New |
Fix Committed |
|
2021-05-18 07:26:55 |
Łukasz Zemczak |
tags |
verification-needed verification-needed-hirsute |
verification-needed verification-needed-groovy verification-needed-hirsute |
|
2021-05-18 07:27:25 |
Łukasz Zemczak |
python3-stdlib-extensions (Ubuntu Groovy): status |
New |
Fix Committed |
|
2021-05-18 07:30:16 |
Łukasz Zemczak |
python3-stdlib-extensions (Ubuntu Focal): status |
New |
Fix Committed |
|
2021-05-18 07:30:23 |
Łukasz Zemczak |
tags |
verification-needed verification-needed-groovy verification-needed-hirsute |
verification-needed verification-needed-focal verification-needed-groovy verification-needed-hirsute |
|
2021-05-18 07:31:11 |
Łukasz Zemczak |
python3.9 (Ubuntu Focal): status |
New |
Fix Committed |
|
2021-05-25 08:15:51 |
Matthias Klose |
tags |
verification-needed verification-needed-focal verification-needed-groovy verification-needed-hirsute |
verification-done verification-done-focal verification-done-groovy verification-done-hirsute |
|
2021-05-25 08:20:47 |
Matthias Klose |
description |
Backport python 3.9.5 to groovy and focal.
Regression potential: ...
Validation: Test results show no regressions, and the archive test rebuild doesn't show any regressions.
Acceptance criteria:
- 21.04: 3.9 is the default version. check test suite and autopkg test results
- 20.04 LTS and 20.10: not used in the archive, just check test suite
It's a minor upstream update, consisting of:
Security
--------
- bpo-43434: Creating a :class:`sqlite3.Connection` object now also produces
a ``sqlite3.connect`` :ref:`auditing event <auditing>`. Previously this
event was only produced by :func:`sqlite3.connect` calls. Patch by Erlend
E. Aasland.
- bpo-43882: The presence of newline or tab characters in parts of a URL
could allow some forms of attacks.
Following the controlling specification for URLs defined by WHATWG
:func:`urllib.parse` now removes ASCII newlines and tabs from URLs,
preventing such attacks.
- bpo-43472: Ensures interpreter-level audit hooks receive the
``cpython.PyInterpreterState_New`` event when called through the
``_xxsubinterpreters`` module.
- bpo-36384: :mod:`ipaddress` module no longer accepts any leading zeros in
IPv4 address strings. Leading zeros are ambiguous and interpreted as octal
notation by some libraries. For example the legacy function
:func:`socket.inet_aton` treats leading zeros as octal notation. glibc
implementation of modern :func:`~socket.inet_pton` does not accept any
leading zeros. For a while the :mod:`ipaddress` module used to accept
ambiguous leading zeros.
- bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability
in :class:`urllib.request.AbstractBasicAuthHandler`. The ReDoS-vulnerable
regex has quadratic worst-case complexity and it can cause a denial of
service when identifying crafted invalid RFCs. This ReDoS issue is on the
client side and needs remote attackers to control the HTTP server.
- bpo-42800: Audit hooks are now fired for frame.f_code, traceback.tb_frame,
and generator code/frame attribute access.
Core and Builtins
-----------------
- bpo-43105: Importlib now resolves relative paths when creating module spec
objects from file locations.
- bpo-42924: Fix ``bytearray`` repetition incorrectly copying data from the
start of the buffer, even if the data is offset within the buffer (e.g.
after reassigning a slice at the start of the ``bytearray`` to a shorter
byte string).
Library
-------
- bpo-43993: Update bundled pip to 21.1.1.
- bpo-43937: Fixed the :mod:`turtle` module working with non-default root
window.
- bpo-43930: Update bundled pip to 21.1 and setuptools to 56.0.0
- bpo-43920: OpenSSL 3.0.0: :meth:`~ssl.SSLContext.load_verify_locations`
now returns a consistent error message when cadata contains no valid
certificate.
- bpo-43607: :mod:`urllib` can now convert Windows paths with ``\\?\``
prefixes into URL paths.
- bpo-43284: platform.win32_ver derives the Windows version from
sys.getwindowsversion().platform_version which in turn derives the version
from kernel32.dll (which can be of a different version than Windows
itself). Therefore change the platform.win32_ver to determine the version
using the platform module's _syscmd_ver private function to return an
accurate version.
- bpo-42248: [Enum] ensure exceptions raised in ``_missing_`` are released
- bpo-43799: OpenSSL 3.0.0: define ``OPENSSL_API_COMPAT`` 1.1.1 to suppress
deprecation warnings. Python requires OpenSSL 1.1.1 APIs.
- bpo-43794: Add :data:`ssl.OP_IGNORE_UNEXPECTED_EOF` constants (OpenSSL
3.0.0)
- bpo-43789: OpenSSL 3.0.0: Don't call the password callback function a
second time when first call has signaled an error condition.
- bpo-43788: The header files for :mod:`ssl` error codes are now OpenSSL
version-specific. Exceptions will now show correct reason and library
codes. The ``make_ssl_data.py`` script has been rewritten to use OpenSSL's
text file with error codes.
- bpo-43655: :mod:`tkinter` dialog windows are now recognized as dialogs by
window managers on macOS and X Window.
- bpo-43534: :func:`turtle.textinput` and :func:`turtle.numinput` now create
a transient window working on behalf of the canvas window.
- bpo-43522: Fix problem with
:attr:`~ssl.SSLContext.hostname_checks_common_name`. OpenSSL does not copy
hostflags from *struct SSL_CTX* to *struct SSL*.
- bpo-42967: Allow :class:`bytes` ``separator`` argument in
``urllib.parse.parse_qs`` and ``urllib.parse.parse_qsl`` when parsing
:class:`str` query strings. Previously, this raised a ``TypeError``.
- bpo-43176: Fixed processing of a dataclass that inherits from a frozen
dataclass with no fields. It is now correctly detected as an error.
- bpo-41735: Fix thread locks in the zlib module that may go wrong in rare cases.
Patch by Ma Lin.
- bpo-36470: Fix dataclasses with ``InitVar``\s and
:func:`~dataclasses.replace()`. Patch by Claudiu Popa.
- bpo-32745: Fix a regression in the handling of ctypes'
:data:`ctypes.c_wchar_p` type: embedded null characters would cause a
:exc:`ValueError` to be raised. Patch by Zackery Spytz.
Documentation
-------------
- bpo-43959: The documentation on the PyContextVar C-API was clarified.
- bpo-43938: Update dataclasses documentation to express that
FrozenInstanceError is derived from AttributeError.
- bpo-43755: Update documentation to reflect that unparenthesized lambda
expressions can no longer be the expression part in an ``if`` clause in
comprehensions and generator expressions since Python 3.9.
- bpo-43739: Fixing the example code in Doc/extending/extending.rst to
declare and initialize the pmodule variable to be of the right type. |
|
2021-05-27 09:50:48 |
Launchpad Janitor |
python3.9 (Ubuntu Hirsute): status |
Fix Committed |
Fix Released |
|
2021-05-27 09:50:53 |
Launchpad Janitor |
python3-stdlib-extensions (Ubuntu Hirsute): status |
Fix Committed |
Fix Released |
|
2021-05-27 09:50:59 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2021-05-27 10:49:05 |
Launchpad Janitor |
python3.9 (Ubuntu Groovy): status |
Fix Committed |
Fix Released |
|
2021-05-27 10:49:05 |
Launchpad Janitor |
cve linked |
|
2021-3426 |
|
2021-05-27 10:49:09 |
Launchpad Janitor |
python3-stdlib-extensions (Ubuntu Groovy): status |
Fix Committed |
Fix Released |
|
2021-05-27 11:00:09 |
Launchpad Janitor |
python3.9 (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
2021-05-27 11:00:43 |
Launchpad Janitor |
python3-stdlib-extensions (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|