python3.4 autopkg test failures
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | python3.3 (Ubuntu) |
High
|
Unassigned | ||
| | python3.4 (Ubuntu) |
High
|
Unassigned | ||
| | Trusty |
High
|
Unassigned | ||
Bug Description
see
https:/
disabled these in the autopkg tests for now. need some investigation
CVE References
| Matthias Klose (doko) wrote : | #1 |
| Launchpad Janitor (janitor) wrote : | #2 |
This bug was fixed in the package python3.4 - 3.4~b1-4ubuntu4
---------------
python3.4 (3.4~b1-4ubuntu4) trusty; urgency=medium
* Disable test_compileall for the autopkg tests, fails only there.
-- Matthias Klose <email address hidden> Sat, 28 Dec 2013 01:47:57 +0100
| Changed in python3.4 (Ubuntu): | |
| status: | New → Fix Released |
| Changed in python3.4 (Ubuntu): | |
| status: | Fix Released → Confirmed |
| Changed in python3.3 (Ubuntu): | |
| status: | New → Confirmed |
| Matthias Klose (doko) wrote : | #3 |
won't fix anymore for 3.3, removed in trusty
| Changed in python3.3 (Ubuntu): | |
| status: | Confirmed → Won't Fix |
| Matthias Klose (doko) wrote : | #4 |
need to investigate: test_importlib, test_non_
FAIL: test_non_
-------
Traceback (most recent call last):
File "/scratch/
import foo.two
AssertionError: ImportError not raised
| Launchpad Janitor (janitor) wrote : | #5 |
This bug was fixed in the package python3.4 - 3.4.0-2ubuntu1
---------------
python3.4 (3.4.0-2ubuntu1) trusty; urgency=medium
* Fix a distutils test error, skip a Solaris distutils test error.
* Fix the importlib test failures, caused by moving around the test data.
Delay looking at one remaining test failure, see LP: #1264554.
* Skip the test_platform encoding test, failing with the lsb-release patch.
* d/p/distutils-
"am I in a virtual environment" tests to include checking
sys.base_prefix != sys.prefix. This is the definitive such test for
pyvenv created virtual environments (Barry Warsaw).
* Don't yet install the ensurepip module, requires further work.
ensurepip wants to install bundled modules setuptools and python-pip,
which should be built from the Ubuntu packages instead of using the
bundled code.
-- Matthias Klose <email address hidden> Fri, 11 Apr 2014 13:44:05 +0200
| Changed in python3.4 (Ubuntu): | |
| status: | Confirmed → Fix Released |
| Changed in python3.4 (Ubuntu): | |
| status: | Fix Released → New |
| Launchpad Janitor (janitor) wrote : | #6 |
This bug was fixed in the package python3.4 - 3.4.1~rc1-1ubuntu3
---------------
python3.4 (3.4.1~
* Set a temporary home directory for the autopkg tests.
* Fix issue #17752, test_distutils failures in the installed location.
-- Matthias Klose <email address hidden> Wed, 07 May 2014 00:10:07 +0200
| Changed in python3.4 (Ubuntu): | |
| status: | New → Fix Released |
| no longer affects: | python3.3 (Ubuntu Trusty) |
Hello Matthias, or anyone else affected,
Accepted python3.4 into trusty-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-
Further information regarding the verification process can be found at https:/
| Changed in python3.4 (Ubuntu Trusty): | |
| status: | New → Fix Committed |
| tags: | added: verification-needed |
| Martin Pitt (pitti) wrote : | #9 |
Still fails: https:/
=======
ERROR: test_dh_params (test.test_
-------
Traceback (most recent call last):
File "/usr/lib/
chatty=True, connectionchatt
File "/usr/lib/
s.connect(
File "/usr/lib/
self.
File "/usr/lib/
self.
File "/usr/lib/
self.
ssl.SSLError: [SSL: SSL_NEGATIVE_
| Martin Pitt (pitti) wrote : | #10 |
Same error in the cloud tests: http://
| Martin Pitt (pitti) wrote : | #11 |
This is caused by a recent OpenSSL update in trusty-security. This needs https:/
| tags: |
added: verification-failed removed: verification-needed |
| Adam Conrad (adconrad) wrote : | #12 |
Hello Matthias, or anyone else affected,
Accepted python3.4 into trusty-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-
Further information regarding the verification process can be found at https:/
| tags: | removed: verification-failed |
| tags: | added: verification-needed |
| Matthias Klose (doko) wrote : | #13 |
confirmed that 3.4.3-1ubuntu1~
| tags: |
added: verification-done removed: verification-needed |
| Martin Pitt (pitti) wrote : | #14 |
Confirmed, http://
| Páll Haraldsson (pall-haraldsson) wrote : | #15 |
The changelog says "replacing the 512 bit dh key with a 2014 bit one" coming from this:
"This is caused by a recent OpenSSL update in trusty-security. This needs https:/
That commit says the same, but looking (closer at it) at the file it confirms, 2014 (an odd number) is a typo(s) for 1024. [I wander if the changelog here (or in Debian and Python) needs to be updated, or even if it is a possibility to change retroactively. I guess you could add a correction entry..]
This also does:
http://
and confirms the change was also made for Python 2.7. I can't see a similar update done to it (or [lib]python2.
| Changed in python3.4 (Ubuntu): | |
| importance: | Undecided → High |
| Changed in python3.4 (Ubuntu Trusty): | |
| importance: | Undecided → High |
| Launchpad Janitor (janitor) wrote : | #16 |
This bug was fixed in the package python3.4 - 3.4.3-1ubuntu1~
---------------
python3.4 (3.4.3-
* Backport issue #23844 from the 3.4 branch, replacing the 512 bit dh key
with a 2014 bit one. Triggered by OpenSSL security update in
trusty-
* Fix expansion of makefile macros for _sysconfigdata. Issue #24705.
python3.4 (3.4.3-
* SRU: Update Python3 for trusty. LP: #1348954.
python3.4 (3.4.3-1ubuntu1) vivid; urgency=medium
* debian/tests: Use init system agnostic "service" command instead of
upstart specific "stop". Also drop unnecessary "status" call right after
stopping apport.
python3.4 (3.4.3-1) experimental; urgency=medium
* Python 3.4.3 release.
* Changes since 20141202 (3.4.2-4):
- Issue #22896: Avoid using PyObject_
PyObject_
- Issue #21295: Revert some changes (issue #16795) to AST line numbers and
column offsets that constituted a regression.
- Issue #21408: The default __ne__() now returns NotImplemented if __eq__()
returned NotImplemented.
- Issue #23321: Fixed a crash in str.decode() when error handler returned
replacment string longer than mailformed input data.
- Issue #23048: Fix jumping out of an infinite while loop in the pdb.
- Issue #23165: Perform overflow checks before allocating memory in the
_
- Issue #23099: Closing io.BytesIO with exported buffer is rejected now to
prevent corrupting exported buffer.
- Issue #23363: Fix possible overflow in itertools.
- Issue #23364: Fix possible overflow in itertools.product.
- Issue #23366: Fixed possible integer overflow in itertools.
- Issue #23369: Fixed possible integer overflow in
_
- Issue #23353: Fix the exception handling of generators in
PyEval_
PyEval_
state is now always restored or swapped, not only if why is WHY_YIELD or
WHY_RETURN.
- Issue #18518: timeit now rejects statements which can't be compiled
outside a function or a loop (e.g. "return" or "break").
- Issue #23094: Fixed readline with frames in Python implementation of
pickle.
- Issue #23268: Fixed bugs in the comparison of ipaddress classes.
- Issue #21408: Removed incorrect implementations of __ne__() which didn't
returned NotImplemented if __eq__() returned NotImplemented. The default
__ne__() now works correctly.
- Issue #19996: :class:
(malformed) headers with no key rather than amusing the body has started.
- Issue #23248: Update ssl error codes from latest OpenSSL git master.
- Issue #23098: 64-bit dev_t is now supported in the os module.
- Issue #23250: In the http.cookies module, capitalize "HttpOnly" and
"Secure" as they are written in the standard.
- Issue #23...
| Changed in python3.4 (Ubuntu Trusty): | |
| status: | Fix Committed → Fix Released |
| Chris J Arges (arges) wrote : Update Released | #17 |
The verification of the Stable Release Update for python3.4 has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
| Changed in python3.3 (Ubuntu): | |
| importance: | Undecided → High |
| Steve Langasek (vorlon) wrote : | #18 |
python3.4 3.4.3-1ubuntu1~
| Changed in python3.4 (Ubuntu Trusty): | |
| status: | Fix Released → Triaged |
| tags: | removed: verification-done |
Hello Matthias, or anyone else affected,
Accepted python3.4 into trusty-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-
Further information regarding the verification process can be found at https:/
| Changed in python3.4 (Ubuntu Trusty): | |
| status: | Triaged → Fix Committed |
| tags: | added: verification-needed |
| Steve Langasek (vorlon) wrote : | #20 |
Something has changed between the ~14.04.1 upload and the ~14.04.3 upload, and these tests are no longer passing on the autopkgtest infrastructure. So this bug is unfortunately verification-
However, this is not a regression and the tests in question have passed as part of the package build; so this may be a regression in the autopkgtest environment rather than in the package. So since the python3.4 SRU is somewhat urgent after the previous one has been withdrawn, I'm going to go ahead with releasing this.
| Launchpad Janitor (janitor) wrote : | #21 |
This bug was fixed in the package python3.4 - 3.4.3-1ubuntu1~
---------------
python3.4 (3.4.3-
* Remove the config file from the package, as there is no handling in
place to deal with this config file on upgrade and it is not appropriate
for inclusion in an urgent SRU.
-- Steve Langasek <email address hidden> Wed, 14 Oct 2015 12:52:19 -0700
| Changed in python3.4 (Ubuntu Trusty): | |
| status: | Fix Committed → Fix Released |
| Changed in python3.4 (Ubuntu Trusty): | |
| status: | Fix Released → Triaged |
| Martin Pitt (pitti) wrote : | #22 |
For the record, this reproduces perfectly well in local QEMU:
adt-run --apt-pocket=
so this is not specific to the production CI environment. -s starts a shell after failure; after that the failure can be reproduced more quickly and directly:
$ python3.4 -W default -bb -E -R -m test -j 1 -w -uall,-
[...]
=======
ERROR: testRecvmsgPeek (test.test_
-------
Traceback (most recent call last):
File "/usr/lib/
socket.
File "/usr/lib/
result = sock.recvmsg(
OSError: [Errno 14] Bad address
=======
ERROR: testRecvmsgPeek (test.test_
-------
Traceback (most recent call last):
File "/usr/lib/
socket.
File "/usr/lib/
result = sock.recvmsg_
OSError: [Errno 14] Bad address
However, downgrading the packages to 3.4.3-1ubuntu1~
| Martin Pitt (pitti) wrote : | #23 |
Even faster:
$ python3.4 -W default -bb -E -R -m test -j 1 -v -m testRecvmsgPeek -uall,-
Attaching strace for one of the failed tests. The interesting part:
[pid 10253] socket(PF_INET6, SOCK_DGRAM|
[pid 10253] bind(4, {sa_family=
[pid 10253] getsockname(4, {sa_family=
[pid 10253] getsockname(4, {sa_family=
[pid 10253] recvmsg(4, <unfinished ...>
[pid 10253] <... recvmsg resumed> 0x7ffef846d890, MSG_PEEK) = -1 EFAULT (Bad address)
EFAULT is documented as "The receive buffer pointer(s) point outside the process's address space", hmm.
| Launchpad Janitor (janitor) wrote : | #24 |
This bug was fixed in the package python3.4 - 3.4.3-1ubuntu1~
---------------
python3.4 (3.4.3-
* SECURITY UPDATE: StartTLS stripping attack
- debian/
STARTTLS fails in Lib/smtplib.py.
- CVE-2016-0772
* SECURITY UPDATE: use of HTTP_PROXY flag supplied by attacker in CGI
scripts (aka HTTPOXY attack)
- debian/
script, forget HTTP_PROXY in Lib/urllib.py, add test to
Lib/
- CVE-2016-1000110
* SECURITY UPDATE: Integer overflow when handling zipfiles
- debian/
Modules/
- debian/
Modules/
- CVE-2016-5636
* SECURITY UPDATE: CRLF injection vulnerability in the
HTTPConnect
- debian/
putheader() arguments when not followed by spaces or tabs in
Lib/
- CVE-2016-5699
-- Steve Beattie <email address hidden> Wed, 16 Nov 2016 12:38:40 -0800
| Changed in python3.4 (Ubuntu Trusty): | |
| status: | Triaged → Fix Released |
test_compileall fails on the autopkg test setup only