Hi, I noticed that creating virtualenvs did not work anymore with the latest python 3.10 package on Fedora 38
...snip [root@fe60c84b08f3 /]# cat /etc/fedora-release Fedora release 38 (Thirty Eight) [root@fe60c84b08f3 /]# rpm -q python3.10 python3.10-3.10.14-1.fc38.x86_64 snap...
Here comes the error
...snip [root@fe60c84b08f3 /]# python3.10 -m venv venv Error: Command '['/venv/bin/python3.10', '-m', 'ensurepip', '--upgrade', '--default-pip']' returned non-zero exit status 1. snap...
https://www.python.org/downloads/release/python-31014/ tells us ... bundled libexpat was updated to 2.6.0 to address CVE-2023-52425...
using the fedora container for CI runs without doing global dnf update to save resources I had to update expat from expat-2.5.0-2.fc38.x86_64 to expat-2.6.0-1.fc38.x86_64
I wonder if there is a way to reflect that in the spec file something like:
...snip Requires: expat >= 2.6.0 snap...
?
All the best, Markus
On 17. 04. 24 23:10, Markus Falb wrote:
Hi, I noticed that creating virtualenvs did not work anymore with the latest python 3.10 package on Fedora 38
Hello Markus,
Thanks for the report, this is indeed happening.
[root@fe60c84b08f3 /]# python3.10 -m venv venv Error: Command '['/venv/bin/python3.10', '-m', 'ensurepip', '--upgrade', '--default-pip']' returned non-zero exit status 1. snap...
And the error is (when I run the failed command):
ImportError: /usr/lib64/python3.10/lib-dynload/pyexpat.cpython-310-x86_64-linux-gnu.so: undefined symbol: XML_SetReparseDeferralEnabled
Unfortunately this also happens with all python3.8 ... python3.13.
3.11 and 3.12 were still in updates testing, so I have blocked the autopush for now:
https://bodhi.fedoraproject.org/updates/FEDORA-2024-d615822702 https://bodhi.fedoraproject.org/updates/FEDORA-2024-98a723cb68
I am afraid this also impacts newer Fedoras once shipped with older expat.
https://www.python.org/downloads/release/python-31014/ tells us ... bundled libexpat was updated to 2.6.0 to address CVE-2023-52425...
And we unbundle it, yet we depend on the new symbol :(
using the fedora container for CI runs without doing global dnf update to save resources I had to update expat from expat-2.5.0-2.fc38.x86_64 to expat-2.6.0-1.fc38.x86_64
Fortunately, fedora:39 from registry.fedoraproject.org already has expat-2.6.2-1.fc39.
I wonder if there is a way to reflect that in the spec file something like:
...snip Requires: expat >= 2.6.0 snap...
Yes, we need to do that. I'm on it.
---
I wonder how to prevent this in the future. There is https://github.com/rpm-software-management/rpm/pull/2372 but that will take a while. Perhaps we need to always Require expat >= version of expat used when building.
On 18. 04. 24 0:37, Miro Hrončok wrote:
On 17. 04. 24 23:10, Markus Falb wrote:
I wonder if there is a way to reflect that in the spec file something like:
...snip Requires: expat >= 2.6.0 snap...
Yes, we need to do that. I'm on it.
https://src.fedoraproject.org/rpms/python3.13/pull-request/54 -- other Pythons will follow after CI + review.
On 18. 04. 24 1:00, Miro Hrončok wrote:
On 18. 04. 24 0:37, Miro Hrončok wrote:
On 17. 04. 24 23:10, Markus Falb wrote:
I wonder if there is a way to reflect that in the spec file something like:
...snip Requires: expat >= 2.6.0 snap...
Yes, we need to do that. I'm on it.
https://src.fedoraproject.org/rpms/python3.13/pull-request/54 -- other Pythons will follow after CI + review.
Here is the Fedora 38 python3.10 update:
https://bodhi.fedoraproject.org/updates/FEDORA-2024-7736b7ce48
Other updates are available as well:
https://bodhi.fedoraproject.org/updates/?packages=python3.8,python3.9,python...
python-devel@lists.fedoraproject.org