Bug#1006883: marked as done (bullseye-pu: package python-pip/20.3.4-4+deb11u1)

Debian Bug Tracking System Sat, 26 Mar 2022 05:12:47 -0700

Your message dated Sat, 26 Mar 2022 11:59:13 +0000
with message-id 
<c4d20274f6d76a43fb574d2177f6e3af4235e4be.ca...@adam-barratt.org.uk>
and subject line Closing p-u requests for updates in 11.3
has caused the Debian Bug report #1006883,
regarding bullseye-pu: package python-pip/20.3.4-4+deb11u1
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1006883: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006883
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: python-...@packages.debian.org

[ Reason ]
There is a race-condition in pip querying metadata from PyPI in
parallel, e.g. for "pip list --outdated". I suspect upstream never saw
it because we were using zipimports for pip's dependencies, where they
vendor them.

The race-condition seems to be specific to their home-grown parallel
map() implementation, that has later been replaced by Python's native
map().

[ Impact ]
pip list --outdated can fail with a very obscure traceback. See
#1006150.

[ Tests ]
Manually reproduced the race, fairly frequently.
With this patch I haven't seen the race again.

[ Risks ]
Trivial change, following something upstream did in a later version,
when dropping support for older Python releases.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Use Python's native map() instead of pip's home-grown map_multithread().

[ Other info ]
N/A

diff -Nru python-pip-20.3.4/debian/changelog python-pip-20.3.4/debian/changelog
--- python-pip-20.3.4/debian/changelog  2021-07-01 16:44:29.000000000 -0400
+++ python-pip-20.3.4/debian/changelog  2022-03-07 11:19:24.000000000 -0400
@@ -1,3 +1,10 @@
+python-pip (20.3.4-4+deb11u1) bullseye; urgency=medium
+
+  * Use native map() to avoid a zipimport race in pip list --outdated.
+    (Closes: #1006150)
+
+ -- Stefano Rivera <stefa...@debian.org>  Mon, 07 Mar 2022 11:19:24 -0400
+
 python-pip (20.3.4-4) unstable; urgency=medium
 
   * No-change upload against distlib 0.3.2+really+0.3.1-0.1.
diff -Nru python-pip-20.3.4/debian/patches/native-map.patch 
python-pip-20.3.4/debian/patches/native-map.patch
--- python-pip-20.3.4/debian/patches/native-map.patch   1969-12-31 
20:00:00.000000000 -0400
+++ python-pip-20.3.4/debian/patches/native-map.patch   2022-03-07 
11:19:24.000000000 -0400
@@ -0,0 +1,33 @@
+From: Stefano Rivera <stefa...@debian.org>
+Date: Mon, 7 Mar 2022 11:17:31 -0400
+Subject: Use native map() instead of map_multithread()
+
+Avoids a race-condition when using zip-imported dependencies.
+
+Origin: upstream, 
https://github.com/pypa/pip/commit/0252c04a16cd93fe422cebf0b48453b559a2e404
+Bug-Debian: https://bugs.debian.org/1006150
+---
+ src/pip/_internal/commands/list.py | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/pip/_internal/commands/list.py 
b/src/pip/_internal/commands/list.py
+index 10720b2..8e63eea 100644
+--- a/src/pip/_internal/commands/list.py
++++ b/src/pip/_internal/commands/list.py
+@@ -20,7 +20,6 @@ from pip._internal.utils.misc import (
+     write_output,
+ )
+ from pip._internal.utils.packaging import get_installer
+-from pip._internal.utils.parallel import map_multithread
+ from pip._internal.utils.typing import MYPY_CHECK_RUNNING
+ 
+ if MYPY_CHECK_RUNNING:
+@@ -234,7 +233,7 @@ class ListCommand(IndexGroupCommand):
+                 dist.latest_filetype = typ
+                 return dist
+ 
+-            for dist in map_multithread(latest_info, packages):
++            for dist in map(latest_info, packages):
+                 if dist is not None:
+                     yield dist
+ 
diff -Nru python-pip-20.3.4/debian/patches/series 
python-pip-20.3.4/debian/patches/series
--- python-pip-20.3.4/debian/patches/series     2021-07-01 16:44:29.000000000 
-0400
+++ python-pip-20.3.4/debian/patches/series     2022-03-07 11:19:24.000000000 
-0400
@@ -10,3 +10,4 @@
 debug-command-for-unbundled.patch
 str-version.patch
 git-split-ascii.patch
+native-map.patch

--- End Message ---

--- Begin Message ---

Package: release.debian.org
Version: 11.3

Hi,

The updates referenced by these bugs were included in stable as part of
this morning's 11.3 point release.

Regards,

Adam

--- End Message ---

Bug#1006883: marked as done (bullseye-pu: package python-pip/20.3.4-4+deb11u1)

Reply via email to