Bug 1935682 - python-yarl: FTBFS in Fedora rawhide
Summary: python-yarl: FTBFS in Fedora rawhide
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: python-yarl
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Fabian Affolter
QA Contact: Fedora Extras Quality Assurance
URL: https://koschei.fedoraproject.org/pac...
Whiteboard:
Depends On:
Blocks: F35FTBFS PYTHON3.10
TreeView+ depends on / blocked
 
Reported: 2021-03-05 11:30 UTC by Tomáš Hrnčiar
Modified: 2021-06-14 10:13 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-06-14 10:13:34 UTC
Type: Bug


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github aio-libs yarl issues 563 0 None open Fail test_semicolon_as_separator with Python 3.9.2 and Python 3.8.8 2021-05-12 13:04:42 UTC

Description Tomáš Hrnčiar 2021-03-05 11:30:01 UTC
Description of problem:
Package python-yarl fails to build from source in Fedora rawhide.

Version-Release number of selected component (if applicable):
1.6.3-3.fc34

Steps to Reproduce:
koji build --scratch f35 python-yarl-1.6.3-3.fc34.src.rpm

Additional info:
This package is tracked by Koschei. See:
https://koschei.fedoraproject.org/package/python-yarl

Comment 1 Miro Hrončok 2021-05-12 13:03:40 UTC
It started to fail since Python 3.9.2:

=================================== FAILURES ===================================
_________________________ test_semicolon_as_separator __________________________
    def test_semicolon_as_separator():
        u = URL("http://127.0.0.1/?a=1;b=2")
>       assert len(u.query) == 2
E       assert 1 == 2
E         +1
E         -2
tests/test_url_query.py:67: AssertionError
----------- coverage: platform linux, python 3.9.5-final-0 -----------
Name                  Stmts   Miss  Cover
-----------------------------------------
yarl/__init__.py          3      3     0%
yarl/_quoting.py         10     10     0%
yarl/_quoting_py.py     155    155     0%
yarl/_url.py            569    569     0%
-----------------------------------------
TOTAL                   737    737     0%
=========================== short test summary info ============================
FAILED tests/test_url_query.py::test_semicolon_as_separator - assert 1 == 2
================== 1 failed, 1005 passed, 2 xfailed in 3.00s ===================

This is related to the fix of CVE-2021-23336: Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters​.

See https://www.python.org/downloads/release/python-392/

tl;dr: it won't split query parameters on semicolon by default any more.

Comment 2 Miro Hrončok 2021-05-12 13:04:46 UTC
Upstream report is https://github.com/aio-libs/yarl/issues/563

Comment 3 Miro Hrončok 2021-06-04 20:13:34 UTC
This is a mass-posted update. Sorry if it is not 100% accurate to this bugzilla.


The Python 3.10 rebuild is in progress in a Koji side tag. If you manage to fix the problem, please commit the fix in the rawhide branch, but don't build the package in regular rawhide.

You can either build the package in the side tag, with:

    $ fedpkg build --target=f35-python

Or you can the build and we will eventually build it for you.

Note that the rebuild is still in progress, so not all (build) dependencies of this package might be available right away.

Thanks.

See also https://fedoraproject.org/wiki/Changes/Python3.10

If you have general questions about the rebuild, please use this mailing list thread: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/G47SGOYIQLRDTWGOSLSWERZSSHXDEDH5/

Comment 4 Miro Hrončok 2021-06-07 22:58:20 UTC
The f35-python side tag has been merged to Rawhide. From now on, build as you would normally build.

Comment 5 Miro Hrončok 2021-06-14 10:13:34 UTC
The package built. A test was disabled but the test cannot work. it has been reported to upstream.


Note You need to log in before you can comment on or make changes to this bug.