* Moritz Muehlenhoff <jmm@debian.org>, 2014-03-11, 18:30:
I prepared a security update for python2.7 in stable-security fixing CVE-2013-4238 and CVE-2014-1912. But rebuilding the package caused changes in the file list which are not obvious to me:In python2.7-minimal: +/usr/lib/python2.7/lib-dynload/_hashlib.so +/usr/lib/python2.7/lib-dynload/_ssl.so In python2.7: +/usr/lib/python2.7/lib-dynload/_hashlib.so +/usr/lib/python2.7/lib-dynload/_ssl.so
Unexpected migrations of these modules between python2.7 and python2.7-minimal have been observed in the past: #702005. Turns out that sweeping the problem under the carpet, instead of fixing it properly, wasn't the best strategy…
Does anyone have an idea what's going wrong? debian/rules has some commented entries for lib-dynload/_bsddb.so, so this seems to be a generic problem?
No idea yet, but I will look into it.
This happened both for my local build and on the buildd. Source package and build log are on http://people.debian.org/~jmm/
“You don't have permission to access /~jmm/python2.7_2.7.3-6+deb7u1_i386-20140305-1206.gz on this server.”
-- Jakub Wilk