Public bug reported:
It appears 3.8.10-0ubuntu1~20.04.16 fixed
https://github.com/python/cpython/issues/105704 . However, in doing so,
it also broke IPv6 zone parsing.
The following used to work on focal:
>>> from urllib.parse import urlparse
>>> urlparse('http://[fe80::1ff:fe23:4567:890a%25eth0]/')
But now, we get:
(focal-amd64)james@cow:/build/cloud-init-M2qWdO/cloud-init-24.4.1$ dpkg -l |
grep python3.8
ii libpython3.8-minimal:amd64 3.8.10-0ubuntu1~20.04.16 amd64
Minimal subset of the Python language (version 3.8)
ii libpython3.8-stdlib:amd64 3.8.10-0ubuntu1~20.04.16 amd64
Interactive high-level object-oriented language (standard library, version 3.8)
ii python3.8 3.8.10-0ubuntu1~20.04.16 amd64
Interactive high-level object-oriented language (version 3.8)
ii python3.8-minimal 3.8.10-0ubuntu1~20.04.16 amd64
Minimal subset of the Python language (version 3.8)
(focal-amd64)james@cow:/build/cloud-init-M2qWdO/cloud-init-24.4.1$ python3
Python 3.8.10 (default, Mar 11 2025, 17:45:31)
[GCC 9.4.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from urllib.parse import urlparse
>>> urlparse('http://[fe80::1ff:fe23:4567:890a%25eth0]/')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.8/urllib/parse.py", line 385, in urlparse
splitresult = urlsplit(url, scheme, allow_fragments)
File "/usr/lib/python3.8/urllib/parse.py", line 495, in urlsplit
_check_bracketed_netloc(netloc)
File "/usr/lib/python3.8/urllib/parse.py", line 444, in
_check_bracketed_netloc
_check_bracketed_host(hostname)
File "/usr/lib/python3.8/urllib/parse.py", line 453, in _check_bracketed_host
ip = ipaddress.ip_address(hostname) # Throws Value Error if not IPv6 or IPv4
File "/usr/lib/python3.8/ipaddress.py", line 53, in ip_address
raise ValueError('%r does not appear to be an IPv4 or IPv6 address' %
ValueError: 'fe80::1ff:fe23:4567:890a%25eth0' does not appear to be an IPv4 or
IPv6 address
Compared to python tip (with the CVE fix) this works as expected:
$ python3
Python 3.14.0a6+ (heads/main:a09c2b2ba64, Mar 17 2025, 13:25:19) [GCC 14.2.0]
on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from urllib.parse import urlparse
>>> urlparse('http://[fe80::1ff:fe23:4567:890a%25eth0]/')
ParseResult(scheme='http', netloc='[fe80::1ff:fe23:4567:890a%25eth0]',
path='/', params='', query='', fragment='')
>>>
>>> urlparse('http://prefix.[v1.example]/') # show that CVE is fixed
Traceback (most recent call last):
File "<python-input-2>", line 1, in <module>
urlparse('http://prefix.[v1.example]/') # show that CVE is fixed
~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/james/.pyenv/versions/3.14-dev/lib/python3.14/urllib/parse.py",
line 395, in urlparse
scheme, netloc, url, params, query, fragment = _urlparse(url, scheme,
allow_fragments)
~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/james/.pyenv/versions/3.14-dev/lib/python3.14/urllib/parse.py",
line 400, in _urlparse
scheme, netloc, url, query, fragment = _urlsplit(url, scheme,
allow_fragments)
~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/james/.pyenv/versions/3.14-dev/lib/python3.14/urllib/parse.py",
line 525, in _urlsplit
_check_bracketed_netloc(netloc)
~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^
File "/home/james/.pyenv/versions/3.14-dev/lib/python3.14/urllib/parse.py",
line 450, in _check_bracketed_netloc
raise ValueError("Invalid IPv6 URL")
ValueError: Invalid IPv6 URL
>>>
** Affects: python3.8 (Ubuntu)
Importance: Undecided
Status: New
** Affects: python3.8 (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: python3.8 (Ubuntu Focal)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2103454
Title:
3.8.10-0ubuntu1~20.04.16 broke IPv6 zone parsing
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python3.8/+bug/2103454/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
