Bug#566258: spu: fix expat denial-of-services in python packages
On Fri, 2010-01-22 at 13:14 -0500, Michael Gilbert wrote:
> On Fri, 22 Jan 2010 17:41:11 +0000, Adam D. Barratt wrote:
> > Apologies for not spotting it earlier, but the python2.4 diff is broken
> > (as is the 2.5 diff, for the same reasons). The package doesn't build
> > depend on dpatch, so attempting to use patches starting
> >
> > #! /bin/sh /usr/share/dpatch/dpatch-run
> >
> > is destined to fail in a clean build environment.
> >
> > The patches need reworking to use an application method that doesn't
> > depend on dpatch (i.e. the method used by the pre-existing patches).
>
> ok, it looked like the package was using dpatch, but upon further
> inspection, you are correct, it is using some weird cross-breed of
> a patch system.
I have to admit that I thought it was using dpatch until I tried a test
build to try and replicate the pybench failure.
> i was able to build the package outside of a vm, and the pybench test
> succeeded. so it looks like i can get rid of those changes.
That's good news.
For completeness, please could you provide updated debdiffs for the
python2.4 and python2.5 updates? The python-xml diff is fine for upload
as-is.
Thanks,
Adam
Reply to: