[python/f16] 2.7.3-3: add explicit version requirements on expat

dmalcolm dmalcolm at fedoraproject.org
Thu Apr 19 18:24:37 UTC 2012 

commit 79e6c0ac729e2702ecce8a7d5dac17c90fc3b155
Author: David Malcolm <dmalcolm at redhat.com>
Date:   Thu Apr 19 14:23:22 2012 -0400

    2.7.3-3:  add explicit version requirements on expat
    
    * Thu Apr 19 2012 David Malcolm <dmalcolm at redhat.com> - 2.7.3-3
    - add explicit version requirements on expat to avoid linkage problems with
    XML_SetHashSalt

 python.spec |   18 ++++++++++++++++--
 1 files changed, 16 insertions(+), 2 deletions(-)
---
diff --git a/python.spec b/python.spec
index 51dd6f8..e4419e8 100644
--- a/python.spec
+++ b/python.spec
@@ -102,7 +102,7 @@ Summary: An interpreted, interactive, object-oriented programming language
 Name: %{python}
 # Remember to also rebase python-docs when changing this:
 Version: 2.7.3
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: Python
 Group: Development/Languages
 Requires: %{python}-libs%{?_isa} = %{version}-%{release}
@@ -120,7 +120,11 @@ BuildRequires: autoconf
 BuildRequires: bzip2
 BuildRequires: bzip2-devel
 BuildRequires: db4-devel >= 4.8
-BuildRequires: expat-devel
+
+# expat 2.1.0 added the symbol XML_SetHashSalt without bumping SONAME.  We use
+# it (in pyexpat) in order to enable the fix in Python-2.7.3 for CVE-2012-0876:
+BuildRequires: expat-devel >= 2.1.0
+
 BuildRequires: findutils
 BuildRequires: gcc-c++
 BuildRequires: gdbm-devel
@@ -559,6 +563,12 @@ Group: Applications/System
 # Needed for ctypes, to load libraries, worked around for Live CDs size
 # Requires: binutils
 
+# expat 2.1.0 added the symbol XML_SetHashSalt without bumping SONAME.  We use
+# this symbol (in pyexpat), so we must explicitly state this dependency to
+# prevent "import pyexpat" from failing with a linker error if someone hasn't
+# yet upgraded expat:
+Requires: expat >= 2.1.0
+
 %description libs
 This package contains runtime libraries for use by Python:
 - the libpython dynamic library, for use by applications that embed Python as
@@ -1804,6 +1814,10 @@ rm -fr %{buildroot}
 # ======================================================
 
 %changelog
+* Thu Apr 19 2012 David Malcolm <dmalcolm at redhat.com> - 2.7.3-3
+- add explicit version requirements on expat to avoid linkage problems with
+XML_SetHashSalt
+
 * Wed Apr 18 2012 David Malcolm <dmalcolm at redhat.com> - 2.7.3-2
 - fix -config symlinks (patch 112; rhbz#813836)

More information about the scm-commits mailing list