Bug#566258: spu: fix expat denial-of-services in python packages
On Fri, 22 Jan 2010 17:41:11 +0000, Adam D. Barratt wrote:
> On Fri, 2010-01-22 at 15:20 +0000, Adam D. Barratt wrote:
> > Hi,
> >
> > On Fri, 2010-01-22 at 09:13 -0500, Michael Gilbert wrote:
> > > i have prepared updates that fix the expat denial-of-services in
> > > lenny's python packages (python2.5, python2.4, and python-xml). see
> > > attached debdiffs.
> >
> > Please go ahead for python2.4 and python-xml.
>
> Apologies for not spotting it earlier, but the python2.4 diff is broken
> (as is the 2.5 diff, for the same reasons). The package doesn't build
> depend on dpatch, so attempting to use patches starting
>
> #! /bin/sh /usr/share/dpatch/dpatch-run
>
> is destined to fail in a clean build environment.
>
> The patches need reworking to use an application method that doesn't
> depend on dpatch (i.e. the method used by the pre-existing patches).
ok, it looked like the package was using dpatch, but upon further
inspection, you are correct, it is using some weird cross-breed of
a patch system.
i was able to build the package outside of a vm, and the pybench test
succeeded. so it looks like i can get rid of those changes.
mike
Reply to: