stable

python3.10-3.10.8-3.fc35

FEDORA-2022-f44dd1bec2 created by thrnciar 2 years ago for Fedora 35

Security fix for CVE-2022-42919

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2022-f44dd1bec2

This update has been submitted for testing by thrnciar.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'failed'.

2 years ago

churchyard edited this update.

2 years ago
User Icon churchyard commented & provided feedback 2 years ago
karma

Basic Python usage and dnf still works.

User Icon adamwill commented & provided feedback 2 years ago

I'm honestly not sure why the openQA tests are failing here. What's happening is it's running koji download-build --arch=x86_64 --arch=noarch python-unversioned-command-3.10.8-2.fc35 2> download.log , and from the console output that looks like it works fine, but for some reason it returns a non-zero error code. We can tell this because it then runs the grep 'No .*available for $nvr' download.log - it only does that if the koji download-build command fails. That grep is a kind of backstop for a known "this is fine" condition, but since the grep command also fails (i.e. it doesn't find that text), the test fails.

I don't know why the koji download-build command is apparently working OK but returning non-zero.

User Icon adamwill commented & provided feedback 2 years ago

sorry, the command it runs is koji download-build --arch=x86_64 --arch=noarch python3.10-3.10.8-2.fc35 2> download.log.

User Icon adamwill commented & provided feedback 2 years ago

Oh wow, when I run that manually, I get:

Downloaded rpm python-unversioned-command-3.10.8-2.fc35.noarch.rpm size 10208 does not match db size 10206, deleting

so, that's the problem, I guess. @kevin ?

User Icon kevin commented & provided feedback 2 years ago

This is really weird. The armv7 job appears to have finished multiple times. ;( Could be related to https://pagure.io/releng/issue/11095 so will debug there.

churchyard edited this update.

New build(s):

  • python3.10-3.10.8-3.fc35

Removed build(s):

  • python3.10-3.10.8-2.fc35

Karma has been reset.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'passed'.

2 years ago
User Icon churchyard commented & provided feedback 2 years ago
karma

The package was replaced with python3.10-3.10.8-3.fc35 to fix BZ#2142602 and the tests now run correctly. I can also confirm that the bug is fixed.

BZ#2142602 Missing dependency for python3-idle on python3-test

This update has been pushed to testing.

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
1
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
6
Stable by Time
14 days
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#2138705 CVE-2022-42919 python: local privilege escalation via the multiprocessing forkserver start method
0
0
BZ#2138709 CVE-2022-42919 python3.10: python: local privilege escalation via the multiprocessing forkserver start method [fedora-all]
0
0
BZ#2142602 Missing dependency for python3-idle on python3-test
0
1

Automated Test Results