[Bug 656779] New: Python: a crasher bug in pyexpat - upstream patch needs backporting
https://bugzilla.novell.com/show_bug.cgi?id=656779
https://bugzilla.novell.com/show_bug.cgi?id=656779#c0

           Summary: Python: a crasher bug in pyexpat - upstream patch needs backporting
    Classification: openSUSE
           Product: openSUSE 11.4
           Version: Factory
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Basesystem
        AssignedTo: ke@novell.com
        ReportedBy: ke@novell.com
         QAContact: qa@suse.de
                CC: carnold@novell.com, jsmeix@novell.com, coolo@novell.com, mge@novell.com, thomas.schraitle@novell.com, jdluhos@novell.com, jmatejek@novell.com
        Depends on: 654050
          Found By: Documentation
           Blocker: ---

+++ This bug was initially created as a clone of Bug #654050 +++

The pyexpat module installed with SLES11 is vulnerable to a crash described at
http://bugs.python.org/issue9054

A patch is attached to the issue report, we just need to attach it.

The crash is reproducible by running test_pyexpat.py, which produces:

$ python test_pyexpat.py
test_ordered_attributes (__main__.SetAttributeTest) ... ok
test_returns_unicode (__main__.SetAttributeTest) ... ok
test_specified_attributes (__main__.SetAttributeTest) ... ok
test_parse_file (__main__.ParseTest) ... ok
test_unicode (__main__.ParseTest) ... ok
test_utf8 (__main__.ParseTest) ... ok
test_illegal (__main__.NamespaceSeparatorTest) ... ok
test_legal (__main__.NamespaceSeparatorTest) ... ok
test_zero_length (__main__.NamespaceSeparatorTest) ... ok
test (__main__.InterningTest) ... ok
test1 (__main__.BufferTextTest) ... ok
test2 (__main__.BufferTextTest) ... ok
test3 (__main__.BufferTextTest) ... ok
test4 (__main__.BufferTextTest) ... ok
test5 (__main__.BufferTextTest) ... ok
test6 (__main__.BufferTextTest) ... ok
test7 (__main__.BufferTextTest) ... ok
test_buffering_enabled (__main__.BufferTextTest) ... ok
test_default_to_disabled (__main__.BufferTextTest) ... ok
test (__main__.HandlerExceptionTest) ... ok
test (__main__.PositionTest) ... ok
test_parse_only_xml_data (__main__.sf1296433Test) ... Segmentation fault

===========================================================================
Jan Matejek:
------------
interestingly, the crash doesn't come from python itself, but from package pyxml

That package happens to be seriously outdated (last upstream release in 2004, unmaintained since 2009). This can probably be fixed by removing the package, all the functionality from pyxml should now be in the python-xml package.

(btw, python runs its regression tests during build and those apparently passed)

Reassigning to pyxml maintainer, or feel free to close the bug if removing pyxml is good enough solution.

Karl Eichwalder 2010-11-26 08:18:18 UTC

On my system (11.3), these packages depend on pyxml:

pyxml is needed by (installed) python-lxml-2.2.6-3.1.x86_64
pyxml is needed by (installed) inkscape-extensions-extra-0.47-6.1.x86_64
pyxml is needed by (installed) hplip-3.10.2-1.13.x86_64
pyxml is needed by (installed) gtk2-devel-2.20.1-2.13.x86_64
pyxml is needed by (installed) xen-tools-4.0.0_21091_06-0.1.1.x86_64

Would it work, if these packages would require python-xml?

========================================================================
Jan Matejek 2010-11-29 14:42:31 UTC

python-lxml should not require pyxml at all - i am testing this assumption now

xen-tools seem to be able to use python-lxml instead of pyxml via this patch:
http://xen.1045712.n5.nabble.com/xen-unstable-Replace-pyxml-xmlproc-based-XM...

==========================================================================
Johannes Meixner 2010-11-30 09:40:36 UTC

I have no knowledge about Python stuff.

What HPLIP does to check for Python XML libraries is:
-----------------------------------------------------------------
def check_python_xml(self):
    try:
        import xml.parsers.expat
    except ImportError:
        return False
    else:
        return True
-----------------------------------------------------------------
It seems anything which provides "xml.parsers.expat" is sufficient for HPLIP.

I had added an explicit RPM requirement for pyxml according to this hplip.changes entry:
------------------------------------------------------------------
Wed Apr 2 14:40:57 CEST 2008 - jsmeix@suse.de
..
- Require pyxml to have the xml.parsers.expat Python module, see
  https://answers.launchpad.net/hplip/+question/25696
------------------------------------------------------------------

Is meanwhile python-xml alone sufficient for "import xml.parsers.expat"?

If yes, since which openSUSE version is python-xml alone sufficient for "import xml.parsers.expat"? (I provide HPLIP for openSUSE 11.1 and SLE11/SLE11-SP1 in the openSUSE build service.)

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=656779#c3
Jan Matejek
> Is meanwhile python-xml alone sufficient for "import xml.parsers.expat"?

yes

> If yes, since which openSUSE version is python-xml alone sufficient for "import xml.parsers.expat"? (I provide HPLIP for openSUSE 11.1 and SLE11/SLE11-SP1 in the openSUSE build service.)

AFAIK, xml.parsers.expat was always provided by python-xml. Both SLE11 and openSUSE 11.1 have a recent enough version. (before python 2.5, the expat in python-xml was from old version 1.9. But we had python 2.5 in 2006)
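A diagnostic for the question discussed in this thread (which package actually supplies `xml.parsers.expat` on a given system), as an added example that is not part of the bug report or of HPLIP. It relies on the fact that PyXML installs itself as the `_xmlplus` package and replaces the standard `xml` package at import time; the function names and the sample paths in the comments are constructed for illustration.

```python
import importlib
import os


def classify_provider(module_file):
    """Classify the file that backs xml.parsers.expat.

    PyXML ships its code as the '_xmlplus' package, so a path containing
    that directory means PyXML's (old) expat binding is in use rather than
    the one from Python's own xml package.
    """
    path = os.path.normpath(module_file or "").replace("\\", "/")
    return "pyxml" if "_xmlplus" in path.split("/") else "python"


def expat_provider():
    """Report whether xml.parsers.expat imports and where it comes from."""
    try:
        # Same import HPLIP's check_python_xml() performs.
        expat = importlib.import_module("xml.parsers.expat")
    except ImportError:
        return {"importable": False}
    path = getattr(expat, "__file__", None)
    return {
        "importable": True,
        "file": path,
        "provider": classify_provider(path),
        # Version of the underlying Expat library, re-exported from pyexpat.
        "expat_version": getattr(expat, "EXPAT_VERSION", None),
        "version_info": getattr(expat, "version_info", None),
    }


if __name__ == "__main__":
    for key, value in sorted(expat_provider().items()):
        print("%-14s %s" % (key, value))
    # Constructed sample paths:
    #   .../site-packages/_xmlplus/parsers/expat.py  -> "pyxml"
    #   .../python2.6/xml/parsers/expat.py           -> "python"
```

A result of `provider: pyxml` means the import check succeeds only because PyXML is installed, and the parser in use is PyXML's binding rather than the one built with Python.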
https://bugzilla.novell.com/show_bug.cgi?id=656779

Bug 656779 depends on bug 657698, which changed state.

Bug 657698 Summary: python-lxml must not require pyxml
http://bugzilla.novell.com/show_bug.cgi?id=657698

      What|Old Value |New Value
----------------------------------------------------------------------------
    Status|NEW       |ASSIGNED
    Status|ASSIGNED  |RESOLVED
Resolution|          |FIXED
https://bugzilla.novell.com/show_bug.cgi?id=656779#c7
--- Comment #7 from Vincent Untz
> inkscape-extensions-extra : vuntz (or one of the other GNOME apps maintainers, please)

Already fixed, see bug 654050 comment 9.
https://bugzilla.novell.com/show_bug.cgi?id=656779#c8
--- Comment #8 from Thomas Schraitle
> calibre : jnweiger / thomas-schraitle

According to the dependency list on Calibre's homepage http://calibre-ebook.com/download_linux pyxml is not listed. I guess, it's a hangover from python-lxml which contained the dependency of pyxml. As this is gone now, there shouldn't be any issues with calibre.

Unfortunately, I haven't had the time to test Calibre extensively.