Bug#1101417: marked as done (pydantic-core - upcoming rust-idna update)

Debian Bug Tracking System Sun, 06 Apr 2025 05:39:18 -0700

Your message dated Sun, 06 Apr 2025 12:34:17 +0000
with message-id <e1u1pcb-00dlj9...@fasolo.debian.org>
and subject line Bug#1101417: fixed in pydantic-core 2.27.2-2
has caused the Debian Bug report #1101417,
regarding pydantic-core - upcoming rust-idna update
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1101417: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101417
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: pydantic-core
version: 2.27.2-1

I hope to update rust-idna soon to version 1.0.3 to fix CVE-2024-12224,
the Debian build-dependencies for your package allow the new version
but the Cargo dependency does not.

After relaxing the cargo dependency, I ran into some test failures,
I think these are just oversensitive tests, but any feedback would
be appreciated.

An example of one of the errors is

> E           AssertionError: Regex pattern did not match.
> E            Regex: 'Input\\ should\\ be\\ a\\ valid\\ URL,\\ invalid\\ 
domain\\ character\\ \\[type=url_parsing,'
> E            Input: "1 validation error for url\n  Input should be a valid URL, 
invalid international domain name [type=url_parsing, input_valu                              
                                      e='http://127.0.0.1%0d%0aConnection%3a%20keep-alive', 
input_type=str]\n    For further information visit 
https://errors.pydantic.dev/latest/v/url_parsing";

The new versions of rust-idna and rust-url have been uploaded to
experimental.

diff -Nru pydantic-core-2.27.2/debian/cargo_home/config.toml 
pydantic-core-2.27.2/debian/cargo_home/config.toml
--- pydantic-core-2.27.2/debian/cargo_home/config.toml  2024-12-18 
23:11:09.000000000 +0000
+++ pydantic-core-2.27.2/debian/cargo_home/config.toml  2025-03-27 
08:17:41.000000000 +0000
@@ -1,8 +1,11 @@
-[source]
+[source.crates-io]
+replace-with = "dh-cargo-registry"
 
-[source.debian]
-directory = "/usr/share/cargo/registry/"
+[source.dh-cargo-registry]
+directory = "/pydantic-core-2.27.2/debian/cargo_registry"
 
-[source.crates-io]
-replace-with = "debian"
+[build]
+rustflags = ['-C', 'debuginfo=2', '-C', 'strip=none', '--cap-lints', 'warn', 
'-C', 'linker=x86_64-linux-gnu-gcc', '-C', 'link-arg=-Wl,-z,relro', '-C', 
'link-arg=-Wl,-z,now', '--remap-path-prefix', 
'/pydantic-core-2.27.2=/usr/share/cargo/registry/pydantic-core-2.27.2', 
'--remap-path-prefix', 
'/pydantic-core-2.27.2/debian/cargo_registry=/usr/share/cargo/registry']
 
+[profile.release]
+debug = true
diff -Nru pydantic-core-2.27.2/debian/changelog 
pydantic-core-2.27.2/debian/changelog
--- pydantic-core-2.27.2/debian/changelog       2024-12-18 23:11:09.000000000 
+0000
+++ pydantic-core-2.27.2/debian/changelog       2025-03-27 08:23:30.000000000 
+0000
@@ -1,3 +1,10 @@
+pydantic-core (2.27.2-1.1) UNRELEASED; urgency=medium
+
+  * Non-maintainer upload.
+  * Relax cargo dependency on idna crate.
+
+ -- root <cjwat...@debian.org>  Thu, 27 Mar 2025 08:23:30 +0000
+
 pydantic-core (2.27.2-1) unstable; urgency=medium
 
   * Team upload.
diff -Nru pydantic-core-2.27.2/debian/.gitignore 
pydantic-core-2.27.2/debian/.gitignore
--- pydantic-core-2.27.2/debian/.gitignore      2024-12-18 23:11:09.000000000 
+0000
+++ pydantic-core-2.27.2/debian/.gitignore      1970-01-01 00:00:00.000000000 
+0000
@@ -1,2 +0,0 @@
-/cargo_registry
-/files
diff -Nru 
pydantic-core-2.27.2/debian/patches/0001-Fudge-rust-crate-version-requirements.patch
 
pydantic-core-2.27.2/debian/patches/0001-Fudge-rust-crate-version-requirements.patch
--- 
pydantic-core-2.27.2/debian/patches/0001-Fudge-rust-crate-version-requirements.patch
        2024-12-18 23:11:09.000000000 +0000
+++ 
pydantic-core-2.27.2/debian/patches/0001-Fudge-rust-crate-version-requirements.patch
        2025-03-27 07:56:33.000000000 +0000
@@ -16,7 +16,7 @@
  url = "2.5.0"
  # idna is already required by url, added here to be explicit
 -idna = "1.0.2"
-+idna = "0.4.0"
++idna = ">= 0.4.0"
  base64 = "0.22.1"
  num-bigint = "0.4.6"
  python3-dll-a = "0.2.10"

--- End Message ---

--- Begin Message ---

Source: pydantic-core
Source-Version: 2.27.2-2
Done: Colin Watson <cjwat...@debian.org>

We believe that the bug you reported is fixed in the latest version of
pydantic-core, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1101...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwat...@debian.org> (supplier of updated pydantic-core package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 06 Apr 2025 13:08:44 +0100
Source: pydantic-core
Architecture: source
Version: 2.27.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>
Changed-By: Colin Watson <cjwat...@debian.org>
Closes: 1101417
Changes:
 pydantic-core (2.27.2-2) unstable; urgency=medium
 .
   * Add myself to Uploaders.
   * Drop patch to use idna 0.4.x.
   * Adjust tests for url 2.5.4 (closes: #1101417).
Checksums-Sha1:
 672c74e8fb5c896ccaa1f70ced318bf647fac6d3 3458 pydantic-core_2.27.2-2.dsc
 6aa3bff5d7a7737192f374fdacf0439cd3a1417d 4452 
pydantic-core_2.27.2-2.debian.tar.xz
Checksums-Sha256:
 29a57a0a850aa0ce08e8fee06cc2fcc8260dc7591bd4f8aff956a3415bf92b23 3458 
pydantic-core_2.27.2-2.dsc
 a16cd6a8152cfb312adc1cfa9619ca5efefe2c5ab4ddb8ceddc7a372b08b91ee 4452 
pydantic-core_2.27.2-2.debian.tar.xz
Files:
 f8a918c39b66f61a5c80f2a49535d363 3458 python optional 
pydantic-core_2.27.2-2.dsc
 d8ec2c71872db6155a3a803f5287441a 4452 python optional 
pydantic-core_2.27.2-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmfybusACgkQOTWH2X2G
UAveeQ//ctkhyC6qVO5A5f+PJ8Fk5RdU7eJ8icoByFUEE9rAEvg3ySNy92wCiCok
VGQkId59JYV7Kpk6Vpyi+g46p2EDvpj3Sv61BUurfEqFmJI78s7wdRxchyZbcG0t
MHm3BVbj6QCp1Fg8Pl+kxA9NGT7vD5gxG3uCUHj+7loQ+nriYRra+/AG0GbthMyy
WdPZNiFsZiQ2JAAf+GY89bm6Ihg4/SmXca8GPn0HyzKwFOkFUzD7yfpfBOOLNtoJ
n715yoMiAtNoPjfLo0E6wHNjRd6mZjtEbI5cHJwtpuBGUxb6ZABJCeNLSEnLGvkc
n90eRkyqmaDXWTD0evADhdImK83XQtawzCFyEwtoJVRVLeAAOPgVwrFkFRn7F5sR
i8avcHdSpj7uLflB7c/lr2i9KYjxRWqCT1ycXoCznddTeh501ls6rk8ZGPaMIl8F
Eg0aMA2j0PoGQoaKH3FpTzYVt5TZJEqGMF4iM998JL15O2fRtRU2n3wEzAu0tNPT
MO62xh6hDs51tpSi2g66nFA2Mb0iQdt09VG60woNOaIqawf40L5aXkPq4DNOgZEo
E8qKMo2mW4ykkdTRF5TXZVIwwIWzuowBQSijSNLHe6TK9fEROUgEf+vBKOA1Ul6r
ZmrW9eZOvgZuwZxU3ASv3a8KCaakFkH5/W7wxn9ygXDvAxuOx9k=
=PK6R
-----END PGP SIGNATURE-----

pgpBXUUjekYrV.pgp
Description: PGP signature

--- End Message ---

Bug#1101417: marked as done (pydantic-core - upcoming rust-idna update)

Reply via email to