Bug#931044: installing python3.4 fails
Hi, Since the bug report was indicating that the issue was fixed in 3.4.2-1+deb8u4, I've tried to apply upgrades and it seems to have upgraded successfully. So the fix seems to work for me! signature.asc Description: OpenPGP digital signature
Bug#931044: installing python3.4 fails
Package: python3.4 Version: 3.4.2-1+deb8u3 Followup-For: Bug #931044 The following fix could be applied to the faulty Python standard library file ultimately used by the /var/lib/dpkg/info/python3.4.postinst script: --- /usr/lib/python3.4/http/client.py 2019-06-25 14:41:35.0 +0200 +++ /usr/lib/python3.4/http/client.py 2019-06-25 14:41:55.0 +0200 @@ -1011,8 +1011,9 @@ # Prevent CVE-2019-9740. match = _contains_disallowed_url_pchar_re.search(url) if match: -raise InvalidURL(f"URL can't contain control characters. {url!r} " - f"(found at least {match.group()!r})") +raise InvalidURL("URL can't contain control characters. {url!r} " + "(found at least {group!r})" + .format(url=url, group=match.group())) request = '%s %s %s' % (method, url, self._http_vsn_str) # Non-ASCII characters should have been eliminated earlier Sorry to provide this patch inline, but I am using the textual bug reporting interface! I imagine that this regression has occurred because someone has applied the noted vulnerability countermeasure without backporting it to the syntax understood by Python 3.5 or earlier. I hope this helps others experiencing the same problem. Paul -- System Information: Debian Release: 8.11 APT prefers oldstable APT policy: (500, 'oldstable') Architecture: i386 (i686) Kernel: Linux 3.16.0-9-586 Locale: LANG=en_GB.ISO-8859-15, LC_CTYPE=en_GB.ISO-8859-15 (charmap=ISO-8859-15) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages python3.4 depends on: ii libpython3.4-stdlib 3.4.2-1+deb8u3 ii mime-support 3.58 ii python3.4-minimal3.4.2-1+deb8u3 python3.4 recommends no packages. Versions of packages python3.4 suggests: ii binutils2.25-5+deb8u1 pn python3.4-doc pn python3.4-venv -- no debconf information
Bug#931044: installing python3.4 fails
Re: Andreas Bießmann 2019-06-25 <12977de3-730f-e342-ec86-b574439e7...@biessmann.de> > Setting up python3.4 (3.4.2-1+deb8u3) ... > File "/usr/lib/python3.4/http/client.py", line 1014 > raise InvalidURL(f"URL can't contain control characters. {url!r} " > ^ > SyntaxError: invalid syntax Looks like the fix for this: * CVE-2019-9740, CVE-2019-9947 Issue #30458: Disallow control chars in http URLs in urllib.urlopen. Roberto? Christoph
Bug#931044: installing python3.4 fails
Package: python3.4 Version: 3.4.2-1+deb8u3 When I try to upgrade my packages it fails due to f-string in python3.4 code: % LANG=C sudo apt full-upgrade Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. 1 not fully installed or removed. After this operation, 0 B of additional disk space will be used. Do you want to continue? [Y/n] Setting up python3.4 (3.4.2-1+deb8u3) ... File "/usr/lib/python3.4/http/client.py", line 1014 raise InvalidURL(f"URL can't contain control characters. {url!r} " ^ SyntaxError: invalid syntax dpkg: error processing package python3.4 (--configure): subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing: python3.4 E: Sub-process /usr/bin/dpkg returned an error code (1) LANG=C sudo apt full-upgrade 5,37s user 1,38s system 83% cpu 8,085 total % cat /etc/debian_version 8.11 I suggest to replace the f-string to one of the two supported mechanism in < python3.6. I think the surroundings (libc, kernel, ...) are unimportant here. kind regards, Andreas Bießmann