bug#32957: Python uses a bundled expat

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#32957: Python uses a bundled expat

From:	Marius Bakke
Subject:	bug#32957: Python uses a bundled expat
Date:	Sat, 23 Mar 2019 23:34:02 +0100
User-agent:	Notmuch/0.28.2 (https://notmuchmail.org) Emacs/26.1 (x86_64-pc-linux-gnu)

Leo Famulari <address@hidden> writes:

> On Sat, Oct 06, 2018 at 04:58:13PM +0200, Marius Bakke wrote:
>> Python 2 and 3 are using a bundled Expat (residing under Modules/).
>> 
>> This has been the cause of security vulnerabilities in the past and
>> should be changed to use Expat from Guix.
>
> Looks like Debian uses an external Expat to fill the dependency, so it
> should be possible:
>
> https://packages.debian.org/stretch/python3.5-minimal
>
> We should look into the difference between the bundled Expat and
> upstream Expat.

Looking at the Debian package did help me figure out how to make it use
system Expat.  We needed this patch:
<https://salsa.debian.org/cpython-team/python3/blob/master/debian/patches/setup-modules.diff>.

That patch only works *after* the configure step and requires
regenerating some files (see the rules file around PyExpat), so I took a
simpler approach.

Fixed in d1659c0fb27c4f71c8ddc6a85d3cd9f3a10cca97.

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#32957: Python uses a bundled expat, Marius Bakke <=

Prev by Date: bug#34935: nanopolish is not reproducible
Next by Date: bug#34828: [PATCH] bug#34828 gnu: psmisc: Make package description more informative
Previous by thread: bug#34955: Manual: Service extensions not clear
Next by thread: bug#26234: SLIM, SDDM can only be used with en_US keyboard layout
Index(es):
- Date
- Thread