SRU: update python3.10 to the 3.10.5 release in 22.04 LTS

Bug #1982108 reported by Matthias Klose
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
python3-defaults (Ubuntu)
New
Undecided
Unassigned
Jammy
Fix Released
Undecided
Unassigned
python3-stdlib-extensions (Ubuntu)
Confirmed
Undecided
Unassigned
Jammy
Fix Committed
Undecided
Unassigned
python3.10 (Ubuntu)
Confirmed
Undecided
Unassigned
Jammy
Fix Released
Undecided
Unassigned

Bug Description

SRU: update python3.10 to the 3.10.5 release in 22.04 LTS

we are doing a test rebuild of 22.04 main to check for regressions.

test rebuilds at
https://people.canonical.com/~ginggs/ftbfs-report/test-rebuild-20220728-jammy-jammy.html
https://people.canonical.com/~ginggs/ftbfs-report/test-rebuild-20220728-jammy-gcc-jammy.html

the first one is the reference test rebuild, the second one the rebuild using updated binutils, GCC and python packages.

Analysis:

regressions on riscv64 (caused by enabling the tests) are:

abseil
adsys
colord
dovecot
glib-networking
glibc
gnome-bluetooth3
gnome-control-center
google-perftools
json-glib
libfprint
libgdata
memcached
mir
openvswitch
ovn
pmdk
power-profiles-daemon
strace
swtpm
vim

devscripts is not a regression, introduced by a custom dpkg-buildpackage wrapper.

binutils and python3-stdlib-extensions are superseded which are part of the planned updates.

CVE References

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in python3-stdlib-extensions (Ubuntu Jammy):
status: New → Confirmed
Changed in python3-stdlib-extensions (Ubuntu):
status: New → Confirmed
Changed in python3.10 (Ubuntu Jammy):
status: New → Confirmed
Changed in python3.10 (Ubuntu):
status: New → Confirmed
Revision history for this message
Matthias Klose (doko) wrote :
Download full text (11.6 KiB)

after the test rebuild, updated to 3.10.6. This includes two security fixes plus further fixes in the stable branch:

+++++++++++
Python News
+++++++++++

What's New in Python 3.10.6 final?
==================================

*Release date: 2022-08-01*

Security
--------

- gh-issue-87389: :mod:`http.server`: Fix an open redirection vulnerability
  in the HTTP server when an URI path starts with ``//``. Vulnerability
  discovered, and initial fix proposed, by Hamza Avvan.

- gh-issue-92888: Fix ``memoryview`` use after free when accessing the
  backing buffer in certain cases.

Core and Builtins
-----------------

- gh-issue-95355: ``_PyPegen_Parser_New`` now properly detects token memory
  allocation errors. Patch by Honglin Zhu.

- gh-issue-94938: Fix error detection in some builtin functions when keyword
  argument name is an instance of a str subclass with overloaded ``__eq__``
  and ``__hash__``. Previously it could cause SystemError or other undesired
  behavior.

- gh-issue-94949: :func:`ast.parse` will no longer parse parenthesized
  context managers when passed ``feature_version`` less than ``(3, 9)``.
  Patch by Shantanu Jain.

- gh-issue-94947: :func:`ast.parse` will no longer parse assignment
  expressions when passed ``feature_version`` less than ``(3, 8)``. Patch by
  Shantanu Jain.

- gh-issue-94869: Fix the column offsets for some expressions in multi-line
  f-strings :mod:`ast` nodes. Patch by Pablo Galindo.

- gh-issue-91153: Fix an issue where a :class:`bytearray` item assignment
  could crash if it's resized by the new value's :meth:`__index__` method.

- gh-issue-94329: Compile and run code with unpacking of extremely large
  sequences (1000s of elements). Such code failed to compile. It now
  compiles and runs correctly.

- gh-issue-94360: Fixed a tokenizer crash when reading encoded files with
  syntax errors from ``stdin`` with non utf-8 encoded text. Patch by Pablo
  Galindo

- gh-issue-94192: Fix error for dictionary literals with invalid expression
  as value.

- gh-issue-93964: Strengthened compiler overflow checks to prevent crashes
  when compiling very large source files.

- gh-issue-93671: Fix some exponential backtrace case happening with deeply
  nested sequence patterns in match statements. Patch by Pablo Galindo

- gh-issue-93021: Fix the :attr:`__text_signature__` for :meth:`__get__`
  methods implemented in C. Patch by Jelle Zijlstra.

- gh-issue-92930: Fixed a crash in ``_pickle.c`` from mutating collections
  during ``__reduce__`` or ``persistent_id``.

- gh-issue-92914: Always round the allocated size for lists up to the
  nearest even number.

- gh-issue-92858: Improve error message for some suites with syntax error
  before ':'

Library
-------

- gh-issue-95339: Update bundled pip to 22.2.1.

- gh-issue-95045: Fix GC crash when deallocating ``_lsprof.Profiler`` by
  untracking it before calling any callbacks. Patch by Kumar Aditya.

- gh-issue-95087: Fix IndexError in parsing invalid date in the :mod:`email`
  module.

- gh-issue-95199: Upgrade bundled setuptools to 63.2.0.

- gh-issue-95194: Upgrade bundled pip to 22.2.

- gh-issue-93899: Fix check for existence of :data:`os.EFD_CLOEXEC`,
  :data:...

Matthias Klose (doko)
description: updated
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello Matthias, or anyone else affected,

Accepted python3-defaults into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python3-defaults/3.10.6-1~22.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in python3-defaults (Ubuntu Jammy):
status: New → Fix Committed
tags: added: verification-needed verification-needed-jammy
Changed in python3.10 (Ubuntu Jammy):
status: Confirmed → Fix Committed
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Matthias, or anyone else affected,

Accepted python3.10 into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python3.10/3.10.6-1~22.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in python3-stdlib-extensions (Ubuntu Jammy):
status: Confirmed → Fix Committed
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Matthias, or anyone else affected,

Accepted python3-stdlib-extensions into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/python3-stdlib-extensions/3.10.6-1~22.04 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Weirdly, two of the syncs prepared (python3.10 and python3-stdlib-extensions) don't have any Launchpad-Bugs-Fixed in their .changes files (even though bugs are correctly visible in the changelog. Since those are binary syncs and time-consuming to rebuild, I accepted those as-is. But please remember that, if in case of the sru-report not figuring this out, there are three packages as part of this update that need to go out at the same time.

Revision history for this message
Nathan Rennie-Waldock (nathan-renniewaldock) wrote :

I can confirm this resolves the issue of embedded interpreters crashing (tested with Kodi).

Versions used:
ii libpython3-dev:amd64 3.10.6-1~22.04 amd64 header files and a static library for Python (default)
ii libpython3-stdlib:amd64 3.10.6-1~22.04 amd64 interactive high-level object-oriented language (default python3 version)
ii libpython3.10:amd64 3.10.6-1~22.04 amd64 Shared Python runtime library (version 3.10)
ii libpython3.10-dev:amd64 3.10.6-1~22.04 amd64 Header files and a static library for Python (v3.10)
ii libpython3.10-minimal:amd64 3.10.6-1~22.04 amd64 Minimal subset of the Python language (version 3.10)
ii libpython3.10-stdlib:amd64 3.10.6-1~22.04 amd64 Interactive high-level object-oriented language (standard library, version 3.10)
ii python3 3.10.6-1~22.04 amd64 interactive high-level object-oriented language (default python3 version)
ii python3-dev 3.10.6-1~22.04 amd64 header files and a static library for Python (default)
ii python3-distutils 3.10.6-1~22.04 all distutils package for Python 3.x
ii python3-lib2to3 3.10.6-1~22.04 all Interactive high-level object-oriented language (lib2to3)
ii python3-minimal 3.10.6-1~22.04 amd64 minimal subset of the Python language (default python3 version)
ii python3-venv 3.10.6-1~22.04 amd64 venv module for python3 (default python3 version)
ii python3.10 3.10.6-1~22.04 amd64 Interactive high-level object-oriented language (version 3.10)
ii python3.10-dev 3.10.6-1~22.04 amd64 Header files and a static library for Python (v3.10)
ii python3.10-minimal 3.10.6-1~22.04 amd64 Minimal subset of the Python language (version 3.10)
ii python3.10-venv 3.10.6-1~22.04 amd64 Interactive high-level object-oriented language (pyvenv binary, version 3.10)

tags: added: verification-done-jammy
removed: verification-needed-jammy
Revision history for this message
cesar (paschubu) wrote :

same here, with kodi!!. the problem is fixed.

Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (python3-defaults/3.10.6-1~22.04)

All autopkgtests for the newly accepted python3-defaults (3.10.6-1~22.04) for jammy have finished running.
The following regressions have been reported in tests triggered by the package:

python-etelemetry/0.3.0-1 (ppc64el, arm64, amd64, s390x, armhf)
python-hypothesis/6.36.0-1 (armhf)
mercurial/6.1.1-1ubuntu1 (amd64)
deepdiff/5.6.0-2 (ppc64el, arm64, amd64, s390x, armhf)
libreoffice/1:7.3.5-0ubuntu0.22.04.1 (armhf)
mdanalysis/2.0.0+dfsg1-4build1 (armhf)
bambam/1.1.2+dfsg-3 (amd64)
gyoto/1.4.4-7build1 (arm64)
lazr.delegates/2.0.3-2 (armhf)
metakernel/0.27.5-3 (armhf)
loguru/0.6.0-1 (arm64, amd64, s390x)
mypy/0.942-1 (ppc64el, arm64, amd64, s390x, armhf)
pyscanfcs/0.3.6+ds-2build4 (armhf)
python-pynndescent/0.5.2+dfsg-1 (amd64, ppc64el, arm64)
slixmpp/1.7.1-1build1 (ppc64el)
python-ftputil/5.0.3-1 (arm64)
python-pygit2/1.6.1+dfsg-2 (armhf)
livecd-rootfs/2.765.10 (arm64)
txzmq/0.8.0-2 (armhf)
python-parameterized/0.8.1-3 (i386)
adsys/0.8.5~22.04 (armhf)
systemd/249.11-0ubuntu3.4 (armhf)
python-nacl/1.5.0-2 (ppc64el)
regina-normal/7.0-2build1 (armhf)
apport/2.20.11-0ubuntu82.1 (amd64)
translate-toolkit/3.6.0-2 (arm64, s390x, armhf)
umap-learn/0.4.5+dfsg-2 (ppc64el)
einsteinpy/0.3.0-2 (arm64)
imdbpy/2021.04.18-3 (armhf)
python-molotov/2.1-3 (amd64)
ipyparallel/7.1.0-1 (arm64)
python-json5/0.9.6-1 (armhf)
insilicoseq/1.5.4-2 (amd64)
pyopencl/2021.2.13-1build1 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/jammy/update_excuses.html#python3-defaults

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Graham Inggs (ginggs) wrote :

After some retries, the regressions were reduced to:

loguru/0.6.0-1 (arm64, amd64, s390x)
mypy/0.942-1 (ppc64el, arm64, amd64, s390x, armhf)

These are test failures already fixed in kinetic. I'm investigating SRUs for these two packages.

Revision history for this message
Graham Inggs (ginggs) wrote :

loguru SRU tracked in LP: #1988861

mypy SRU tracked in LP: #1988862

Revision history for this message
Graham Inggs (ginggs) wrote :

All autopkgtest regressions resolved with loguru/0.6.0-1ubuntu1 and mypy/0.942-1ubuntu1.

tags: added: verification-done
removed: verification-needed
Revision history for this message
cesar (paschubu) wrote :

thanks... and again all fixed with kodi with this version!

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python3.10 - 3.10.6-1~22.04

---------------
python3.10 (3.10.6-1~22.04) jammy-proposed; urgency=medium

  * SRU: LP: #1982108: Backport 3.10.6 to 20.04 LTS.

python3.10 (3.10.6-1) unstable; urgency=medium

  * Python 3.10.6 release.

  [ Leonidas Da Silva Barbosa ]
  * SECURITY UPDATE: Injection Attack
    - debian/patches/CVE-2015-20107.patch: Make mailcap refuse to match unsafe
      filenames/types/param in Lib/mailcap.py, Lib/test/test_mailcap.py.
    - CVE-2015-20107

python3.10 (3.10.5-1) unstable; urgency=medium

  * Python 3.10.5 release.
  * Update VCS attributes.

python3.10 (3.10.4-4) unstable; urgency=medium

  * Source-only upload.
  * Backport gh-78214: marshal: Stabilize FLAG_REF usage. Closes: #1010368.

 -- Matthias Klose <email address hidden> Wed, 10 Aug 2022 13:40:04 +0200

Changed in python3.10 (Ubuntu Jammy):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package python3-defaults - 3.10.6-1~22.04

---------------
python3-defaults (3.10.6-1~22.04) jammy-proposed; urgency=medium

  * SRU: LP: #1982108. Update to Python 3.10.6 in Ubuntu 22.04 LTS.

python3-defaults (3.10.6-1) unstable; urgency=medium

  * Bump version to 3.10.6.

python3-defaults (3.10.5-3) unstable; urgency=medium

  * Source-only upload.

 -- Matthias Klose <email address hidden> Thu, 18 Aug 2022 12:39:04 +0200

Changed in python3-defaults (Ubuntu Jammy):
status: Fix Committed → Fix Released
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for python3-defaults has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.