Bug 2059951

Summary: Please backport testsuite fix into python in RHEL 9
Product: Red Hat Enterprise Linux 9 Reporter: Tomas Korbar <tkorbar>
Component: python3.9Assignee: Charalampos Stratakis <cstratak>
Status: CLOSED ERRATA QA Contact: Lukáš Zachar <lzachar>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.0CC: cstratak, torsava
Target Milestone: rcKeywords: Rebase, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python3.9-3.9.13-1.el9 Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 2060435 (view as bug list) Environment:
Last Closed: 2022-11-15 11:20:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2056970, 2067201    
Bug Blocks: 2057014, 2060435, 2064169    

Description Tomas Korbar 2022-03-02 11:53:39 UTC 
Description of problem:
Hi python maintainers,
I plan to fix blocker CVE in expat library for RHEL 9. This fix
makes expat parsing more strict and breaks pythons testsuite.
https://github.com/python/cpython/commit/2cae93832f46b245847bdc252456ddf7742ef45e

This commit fixes the issue.

Version-Release number of selected component (if applicable):


How reproducible:
Try to compile python with this https://kojihub.stream.rdu2.redhat.com/koji/taskinfo?taskID=1022352 version of expat library.

Actual results:
Testsuite failure

Expected results:
Testsuite finishes successfully.
Comment 1 Miro Hrončok 2022-03-02 11:58:40 UTC 
Feel free to not block the CVE fix on this.
Comment 2 Charalampos Stratakis 2022-03-03 02:20:51 UTC 
Hey Tomas,

Thanks for notifying us!

Do you plan to backport the fix or rebase?

Asking as the upstream python test suite fix is checking for the version string coming from pyexpat.version_info to determine the proper tests to run.
Comment 6 Tomas Orsava 2022-05-04 12:20:26 UTC 
The expat component has been rebased, therefore we no longer need a downstream patch for python3 after we rebase to the latest python 3.9 version.

Next action: Rebase Python 3.9 in RHEL 9 to the latest version.
Comment 13 errata-xmlrpc 2022-11-15 11:20:15 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: python3.9 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:8353