[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#32957: Python uses a bundled expat
From: |
Marius Bakke |
Subject: |
bug#32957: Python uses a bundled expat |
Date: |
Sat, 23 Mar 2019 23:34:02 +0100 |
User-agent: |
Notmuch/0.28.2 (https://notmuchmail.org) Emacs/26.1 (x86_64-pc-linux-gnu) |
Leo Famulari <address@hidden> writes:
> On Sat, Oct 06, 2018 at 04:58:13PM +0200, Marius Bakke wrote:
>> Python 2 and 3 are using a bundled Expat (residing under Modules/).
>>
>> This has been the cause of security vulnerabilities in the past and
>> should be changed to use Expat from Guix.
>
> Looks like Debian uses an external Expat to fill the dependency, so it
> should be possible:
>
> https://packages.debian.org/stretch/python3.5-minimal
>
> We should look into the difference between the bundled Expat and
> upstream Expat.
Looking at the Debian package did help me figure out how to make it use
system Expat. We needed this patch:
<https://salsa.debian.org/cpython-team/python3/blob/master/debian/patches/setup-modules.diff>.
That patch only works *after* the configure step and requires
regenerating some files (see the rules file around PyExpat), so I took a
simpler approach.
Fixed in d1659c0fb27c4f71c8ddc6a85d3cd9f3a10cca97.
signature.asc
Description: PGP signature
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- bug#32957: Python uses a bundled expat,
Marius Bakke <=