Bug 1024029

Summary: python 3 version in F18 is lacking security updates
Product: [Fedora] Fedora Reporter: Stijn Hoop <stijn>
Component: python3Assignee: Matej Stuchlik <mstuchli>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 18CC: a.badger, amcnabb, bkabrda, jberan, mstuchli, tomspur
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python3-3.3.0-4.fc18 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-11-08 04:32:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
git format-patch origin/f18.. after merge from master none

Description Stijn Hoop 2013-10-28 15:58:27 UTC 
The python3 package in F18 is not up to date.

$ rpm -qa python3\*
python3-devel-3.3.0-1.fc18.x86_64
python3-libs-3.3.0-1.fc18.x86_64
python3-3.3.0-1.fc18.x86_64

While 3.3.2 is already out and 3.3.3 is in RC phase.

Please update python3 in F18, preferably to 3.3.3 if it is out before F18 EOL. At the least to 3.3.2 as it presumably fixes security bugs according to the official changelog page

http://docs.python.org/3.3/whatsnew/changelog.html
Comment 1 Toshio Ernie Kuratomi 2013-10-29 03:13:42 UTC 
See also: https://bugzilla.redhat.com/show_bug.cgi?id=963261  not sure from that bug if the plan for F18 was just to backport the security fix or to update the package to a new upstream version.
Comment 2 Stijn Hoop 2013-10-29 08:45:16 UTC 
Created attachment 817004 [details]
git format-patch origin/f18.. after merge from master

Interesting that the upgrade seemed to be hard in F18 (as noted in bug 963261 comment 3 ).

I went ahead and did a simple

$ fedpkg clone -a python3
$ git checkout -b f18 origin/f18
$ git merge origin/master

This resulted in one conflict which was easily resolved. The resulting RPM works on my F18 system as far as I can see. I'm interested in the mentioned difficulties, maybe I missed something?

Attached is an archive with patches from

$ git format-patch origin/f18..

I hope it helps.
Comment 3 Bohuslav "Slavek" Kabrda 2013-10-29 09:11:21 UTC 
First of all, thanks for the patches!
The thing is, I don't really want to update from 3.3.0 to 3.3.2 since I'm afraid that might introduce some regressions. Cherry picking just the security fixes would be much safer approach, IMO. I'll try to get to this ASAP (or ask someone to get to it), I know I've forgotten to do this and it should be high prio. Sorry for any inconvenience.
Comment 4 Stijn Hoop 2013-10-29 09:21:06 UTC 
OK, after re-reading

http://fedoraproject.org/wiki/Updates_Policy#All_other_updates

I see that you are correct in backporting only the security fixes. Thanks for the response!
Comment 5 Fedora Update System 2013-10-30 14:03:50 UTC 
python3-3.3.0-4.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/python3-3.3.0-4.fc18
Comment 6 Fedora Update System 2013-10-31 02:59:09 UTC 
Package python3-3.3.0-4.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing python3-3.3.0-4.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-20336/python3-3.3.0-4.fc18
then log in and leave karma (feedback).
Comment 7 Fedora Update System 2013-11-08 04:32:49 UTC 
python3-3.3.0-4.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.