unpushed

python3.13-3.13.1-1.fc42

FEDORA-2024-3f975b9c0e created by cstratak 2 months ago for Fedora 42

Automatic update for python3.13-3.13.1-1.fc42.

Changelog
* Tue Dec  3 2024 Charalampos Stratakis <cstratak@redhat.com> - 3.13.1-1
- Update to 3.13.1
- Security fix for CVE-2024-9287
- Fixes: rhbz#2321657

This update was automatically created

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago

This update's test gating status has been changed to 'failed'.

2 months ago
User Icon adamwill commented & provided feedback 2 months ago
karma

So, this seems to break anaconda in network install image (but not ostree installer image, interestingly). This is consistent across 8 runs (BIOS/UEFI, each repeated once, on prod and stg). In the logs we see:

23:36:19,204 INF core.threads: Thread Failed: AnaPayloadThread (140120481064640)
23:36:19,205 DBG exception: running handleException
23:36:19,212 CRT exception: Traceback (most recent call last):

  File "/usr/lib64/python3.13/site-packages/pyanaconda/core/threads.py", line 280, in run
    threading.Thread.run(self)
    ~~~~~~~~~~~~~~~~~~~~^^^^^^

  File "/usr/lib64/python3.13/threading.py", line 992, in run
    self._target(*self._args, **self._kwargs)
    ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  File "/usr/lib64/python3.13/site-packages/pyanaconda/payload/manager.py", line 111, in _task_run_callback
    self._run(*args, **kwargs)
    ~~~~~~~~~^^^^^^^^^^^^^^^^^

  File "/usr/lib64/python3.13/site-packages/pyanaconda/payload/manager.py", line 162, in _run
    payload.setup(self.report_progress, **kwargs)
    ~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  File "/usr/lib64/python3.13/site-packages/pyanaconda/payload/dnf/payload.py", line 280, in setup
    set_up_sources(self.proxy)
    ~~~~~~~~~~~~~~^^^^^^^^^^^^

  File "/usr/lib64/python3.13/site-packages/pyanaconda/ui/lib/payload.py", line 127, in set_up_sources
    sync_run_task(task_proxy)
    ~~~~~~~~~~~~~^^^^^^^^^^^^

  File "/usr/lib64/python3.13/site-packages/pyanaconda/modules/common/task/__init__.py", line 46, in sync_run_task
    while task_proxy.IsRunning:
          ^^^^^^^^^^^^^^^^^^^^

  File "/usr/lib/python3.13/site-packages/dasbus/client/proxy.py", line 164, in __getattr__
    return member.get()
           ~~~~~~~~~~^^

  File "/usr/lib/python3.13/site-packages/dasbus/client/property.py", line 43, in get
    return self.__get__(None, None)  # pylint: disable=unnecessary-dunder-call
           ~~~~~~~~~~~~^^^^^^^^^^^^

  File "/usr/lib/python3.13/site-packages/dasbus/client/property.py", line 54, in __get__
    return self._getter()
           ~~~~~~~~~~~~^^

  File "/usr/lib/python3.13/site-packages/dasbus/client/handler.py", line 382, in _get_property_value
    variant = self._call_method(
        "org.freedesktop.DBus.Properties",
    ...<4 lines>...
        property_spec.name
    )

  File "/usr/lib/python3.13/site-packages/dasbus/client/handler.py", line 450, in _call_method
    return self._get_method_reply(
           ~~~~~~~~~~~~~~~~~~~~~~^
        self._client.sync_call,
        ^^^^^^^^^^^^^^^^^^^^^^^
        *args,
        ^^^^^^
        **kwargs,
        ^^^^^^^^^
    )
    ^

  File "/usr/lib/python3.13/site-packages/dasbus/client/handler.py", line 483, in _get_method_reply
    return self._handle_method_error(error)
           ~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^

  File "/usr/lib/python3.13/site-packages/dasbus/client/handler.py", line 509, in _handle_method_error
    raise exception from None

dasbus.error.DBusError: Message recipient disconnected from message bus without replying

weirdly, there's a somewhat similar bug that showed up recently caused by a pygobject3 update: https://bugzilla.redhat.com/show_bug.cgi?id=2329587 . But I think that's just a coincidence.

It's late RN, will look into this more in the morning. @churchyard for info

This update has been unpushed.

User Icon churchyard commented & provided feedback 2 months ago

I opened https://bugzilla.redhat.com/2330562 so we can track this.

User Icon churchyard commented & provided feedback 2 months ago

In the meantime, FEDORA-2024-0c29724c11 replaces this (a new security fix in Python) and FEDORA-2024-1d97254ea9 fixes this in libdnf.


Please login to add feedback.

Metadata
Type
security
Karma
-1
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
0 days
Thresholds
Minimum Karma
+0
Minimum Testing
0 days
Dates
submitted
2 months ago
in testing
2 months ago
BZ#2321657 CVE-2024-9287 python3.13: Virtual environment (venv) activation scripts don't quote paths [fedora-all]
0
0

Automated Test Results