Bug#566258: spu: fix expat denial-of-services in python packages
On Fri, 22 Jan 2010 18:27:52 +0000, Adam D. Barratt wrote:
> On Fri, 2010-01-22 at 13:14 -0500, Michael Gilbert wrote:
> > On Fri, 22 Jan 2010 17:41:11 +0000, Adam D. Barratt wrote:
> > > Apologies for not spotting it earlier, but the python2.4 diff is broken
> > > (as is the 2.5 diff, for the same reasons). The package doesn't build
> > > depend on dpatch, so attempting to use patches starting
> > >
> > > #! /bin/sh /usr/share/dpatch/dpatch-run
> > >
> > > is destined to fail in a clean build environment.
> > >
> > > The patches need reworking to use an application method that doesn't
> > > depend on dpatch (i.e. the method used by the pre-existing patches).
> >
> > ok, it looked like the package was using dpatch, but upon further
> > inspection, you are correct, it is using some weird cross-breed of
> > a patch system.
>
> I have to admit that I thought it was using dpatch until I tried a test
> build to try and replicate the pybench failure.
>
> > i was able to build the package outside of a vm, and the pybench test
> > succeeded. so it looks like i can get rid of those changes.
>
> That's good news.
>
> For completeness, please could you provide updated debdiffs for the
> python2.4 and python2.5 updates? The python-xml diff is fine for upload
> as-is.
yes, i was planning to do so, but not until late tonight.
mike
Reply to: