[Bug 1934132] Re: SRU: backport Python 3.8.11 to 20.04 LTS and 20.10

Brian Murray 1934132 at bugs.launchpad.net
Fri Jul 26 16:09:10 UTC 2024 

Ubuntu 20.10 (Groovy Gorilla) has reached end of life, so this bug will
not be fixed for that specific release.

** Changed in: python3.8 (Ubuntu Groovy)
       Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python3.8 in Ubuntu.
https://bugs.launchpad.net/bugs/1934132

Title:
  SRU: backport Python 3.8.11 to 20.04 LTS and 20.10

Status in python3.8 package in Ubuntu:
  Confirmed
Status in python3.8 source package in Focal:
  Confirmed
Status in python3.8 source package in Groovy:
  Won't Fix

Bug description:
  As done with LP: #1928057, backport the 3.8.11 release to focal and
  groovy, consisting of security updates and a fix for a regression
  introduced in 3.8.10 (we already fixed sssd to pass its tests with
  3.8.10).

  Changes are:

  Security
  --------

  - bpo-44022: mod:`http.client` now avoids infinitely reading potential HTTP
    headers after a ``100 Continue`` status response from the server.

  - bpo-43882: The presence of newline or tab characters in parts of a URL
    could allow some forms of attacks.

    Following the controlling specification for URLs defined by WHATWG
    :func:`urllib.parse` now removes ASCII newlines and tabs from URLs,
    preventing such attacks.

  - bpo-42800: Audit hooks are now fired for frame.f_code, traceback.tb_frame,
    and generator code/frame attribute access.

  Core and Builtins
  -----------------

  - bpo-44070: No longer eagerly makes import filenames absolute, except for
    extension modules, which was introduced in 3.8.10.

  Library
  -------

  - bpo-44061: Fix regression in previous release when calling
    :func:`pkgutil.iter_modules` with a list of :class:`pathlib.Path` objects

  
  Validation: Test suite passes during the build, and all triggered autopkg tests pass.  I don't think we need another complete test rebuild with these changes.

  Regression potential: Low, we already had the test rebuild with
  3.8.10, and these changes are very targeted.

  Building the packages in the ubuntu-toolchain-r/ppa PPA with only the
  security pocket enabled, so these build can be binary-copied to the
  updates and security pockets.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python3.8/+bug/1934132/+subscriptions

More information about the foundations-bugs mailing list