[python-djblets/el5] Use the system feedparser.py
Stephen Gallagher
sgallagh at fedoraproject.org
Wed Aug 8 20:06:18 UTC 2012
commit 85226c3158ea517155cdf53c0792c28fc2e0546d
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Wed Aug 8 16:06:04 2012 -0400
Use the system feedparser.py
- Resolves: rhbz#846760 - Current version of python-djblets in Fedora EPEL-5
contains embeded copy of python-feedparser, vulnerable to CVE-2009-5065,
CVE-2011-1156, CVE-2011-1157, and CVE-2011-1158
0002-Use-system-feedparser-if-available.patch | 28 +++++++++++++++++++++++++
python-djblets.spec | 14 +++++++++--
2 files changed, 39 insertions(+), 3 deletions(-)
---
diff --git a/0002-Use-system-feedparser-if-available.patch b/0002-Use-system-feedparser-if-available.patch
new file mode 100644
index 0000000..1418689
--- /dev/null
+++ b/0002-Use-system-feedparser-if-available.patch
@@ -0,0 +1,28 @@
+From af0c2035c2a82f3468abf54f6a83b782a45cdbf7 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh at redhat.com>
+Date: Wed, 8 Aug 2012 14:06:57 -0400
+Subject: [PATCH] Use system feedparser if available
+
+---
+ djblets/feedview/views.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/djblets/feedview/views.py b/djblets/feedview/views.py
+index fcd4e6b6a933ce3a590d9e74fd36f15624baf820..ff26cbd3c19ad7b59ac76c3fe92a48637250252d 100644
+--- a/djblets/feedview/views.py
++++ b/djblets/feedview/views.py
+@@ -19,7 +19,10 @@ def view_feed(request, url, template_name="feedview/feed-page.html",
+ a cached copy if available in order to reduce hits to the server.
+ """
+ def fetch_feed():
+- from djblets.feedview import feedparser
++ try:
++ import feedparser
++ except ImportError:
++ from djblets.feedview import feedparser
+
+ data = urllib2.urlopen(url).read()
+
+--
+1.7.11.2
+
diff --git a/python-djblets.spec b/python-djblets.spec
index 9eb1709..d2a4460 100644
--- a/python-djblets.spec
+++ b/python-djblets.spec
@@ -5,7 +5,7 @@
Name: python-djblets
Version: 0.6.10
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: A collection of useful classes and functions for Django
Group: Applications/Internet
# Djblets is MIT licensed:
@@ -25,6 +25,7 @@ Requires: Django >= 1.1.1
Requires: python-imaging
Patch1000: FED01-Disable-ez_setup-when-installing-by-RPM.patch
+Patch0002: 0002-Use-system-feedparser-if-available.patch
%description
A collection of useful classes and functions for Django
@@ -32,6 +33,7 @@ A collection of useful classes and functions for Django
%prep
%setup -q -n Djblets-%{version}
%patch1000 -p1
+%patch0002 -p1
%build
%{__python} setup.py build
@@ -41,8 +43,8 @@ rm -rf $RPM_BUILD_ROOT
%{__python} setup.py install --root $RPM_BUILD_ROOT
-# feedparser.py has a shebang, and has a runnable __main__; make it executable:
-chmod +x $RPM_BUILD_ROOT%{python_sitelib}/djblets/feedview/feedparser.py
+# Remove bundled copy of feedparser.py
+rm -f $RPM_BUILD_ROOT%{python_sitelib}/djblets/feedview/feedparser.py*
# Remove the "tests" subdirectory to avoid it polluting the main python
# namespace:
@@ -58,6 +60,12 @@ rm -rf $RPM_BUILD_ROOT
%{python_sitelib}/djblets/
%changelog
+* Wed Aug 08 2012 Stephen Gallagher <sgallagh at redhat.com> - 0.6.10-2
+- Use the system feedparser.py
+- Resolves: rhbz#846760 - Current version of python-djblets in Fedora EPEL-5
+ contains embeded copy of python-feedparser, vulnerable to CVE-2009-5065,
+ CVE-2011-1156, CVE-2011-1157, and CVE-2011-1158
+
* Mon Aug 22 2011 Stephen Gallagher <sgallagh at redhat.com> - 0.6.10-1
- New upstream release 0.6.10
- Required for ReviewBoard 1.5.6
More information about the scm-commits
mailing list