[Bug 1901606] Re: security update broke module import in libpam-python, "from httplib2 import Http" fails now
xenial fix verified, thanks. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1901606 Title: security update broke module import in libpam-python, "from httplib2 import Http" fails now To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam-python/+bug/1901606/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1901606] Re: security update broke module import in libpam-python, "from httplib2 import Http" fails now
This issue has been resolved in the following Ubuntu releases: xenial: 1.0.4-1.1+deb8u1ubuntu0.1 bionic: 1.0.6-1.1+deb10u1ubuntu0.1 Please note that the version of pam-python in focal and groovy (1.0.7-1ubuntu1) will still prevent loading 3rd party python modules from site-specific paths. This behavior is consistent with the upstream 1.0.7-1 version of pam-python. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1901606 Title: security update broke module import in libpam-python, "from httplib2 import Http" fails now To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam-python/+bug/1901606/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1901606] Re: security update broke module import in libpam-python, "from httplib2 import Http" fails now
** Changed in: pam-python (Ubuntu Bionic) Status: New => Fix Released ** Changed in: pam-python (Ubuntu Xenial) Status: Confirmed => Fix Released ** Changed in: pam-python (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1901606 Title: security update broke module import in libpam-python, "from httplib2 import Http" fails now To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam-python/+bug/1901606/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1901606] Re: security update broke module import in libpam-python, "from httplib2 import Http" fails now
** Also affects: pam-python (Ubuntu Bionic) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1901606 Title: security update broke module import in libpam-python, "from httplib2 import Http" fails now To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam-python/+bug/1901606/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1901606] Re: security update broke module import in libpam-python, "from httplib2 import Http" fails now
It may actually be caused because Py_NoSiteFlag is set. I'm still investigating. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1901606 Title: security update broke module import in libpam-python, "from httplib2 import Http" fails now To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam-python/+bug/1901606/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1901606] Re: security update broke module import in libpam-python, "from httplib2 import Http" fails now
The issue occurs because the patch sets Py_NoUserSiteDirectory. I'm currently looking into a fix. For a temporary workaround, you can `sudo apt install libpam- python=1.0.4-1` and then pin the package version by following the steps here: https://serverfault.com/questions/435132/how-to-version-lock- packages-in-ubuntu Please note that reverting to 1.0.4-1 will leave you vulnerable to CVE-2019-16729 (https://people.canonical.com/~ubuntu- security/cve/2019/CVE-2019-16729.html), and pinning the package will prevent any future security updates or bug fixes from being installed on your system. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-16729 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1901606 Title: security update broke module import in libpam-python, "from httplib2 import Http" fails now To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam-python/+bug/1901606/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1901606] Re: security update broke module import in libpam-python, "from httplib2 import Http" fails now
** Also affects: pam-python (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: pam-python (Ubuntu) Status: New => Confirmed ** Changed in: pam-python (Ubuntu Xenial) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1901606 Title: security update broke module import in libpam-python, "from httplib2 import Http" fails now To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam-python/+bug/1901606/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1901606] Re: security update broke module import in libpam-python, "from httplib2 import Http" fails now
note this also happens with the version of httplib2 installed from apt-get install python-httplib2 from the repositories, not just the version from pip I was using. pip2 install httplib2 installs the module into: /usr/local/lib/python2.7 /dist-packages and the python-httplib2 package installs it into: /usr/lib/python2.7 /dist-packages/ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1901606 Title: security update broke module import in libpam-python, "from httplib2 import Http" fails now To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pam-python/+bug/1901606/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
