[python-djblets/el6] Use the system feedparser.py
Stephen Gallagher
sgallagh at fedoraproject.org
Wed Aug 8 19:37:39 UTC 2012
commit 0247bcf2e90f39a63dc1f611f6f8685bc1fdc6cf
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Wed Aug 8 14:25:40 2012 -0400
Use the system feedparser.py
- Resolves: rhbz#846762 - Current version of python-djblets in Fedora EPEL-6
contains embedded copy of python-feedparser, vulnerable to CVE-2009-5065,
CVE-2011-1156, CVE-2011-1157, and CVE-2011-1158
0002-Use-system-feedparser-if-available.patch | 28 +++++++++++++++++++++++++
python-djblets.spec | 15 ++++++++++--
2 files changed, 40 insertions(+), 3 deletions(-)
---
diff --git a/0002-Use-system-feedparser-if-available.patch b/0002-Use-system-feedparser-if-available.patch
new file mode 100644
index 0000000..1418689
--- /dev/null
+++ b/0002-Use-system-feedparser-if-available.patch
@@ -0,0 +1,28 @@
+From af0c2035c2a82f3468abf54f6a83b782a45cdbf7 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh at redhat.com>
+Date: Wed, 8 Aug 2012 14:06:57 -0400
+Subject: [PATCH] Use system feedparser if available
+
+---
+ djblets/feedview/views.py | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/djblets/feedview/views.py b/djblets/feedview/views.py
+index fcd4e6b6a933ce3a590d9e74fd36f15624baf820..ff26cbd3c19ad7b59ac76c3fe92a48637250252d 100644
+--- a/djblets/feedview/views.py
++++ b/djblets/feedview/views.py
+@@ -19,7 +19,10 @@ def view_feed(request, url, template_name="feedview/feed-page.html",
+ a cached copy if available in order to reduce hits to the server.
+ """
+ def fetch_feed():
+- from djblets.feedview import feedparser
++ try:
++ import feedparser
++ except ImportError:
++ from djblets.feedview import feedparser
+
+ data = urllib2.urlopen(url).read()
+
+--
+1.7.11.2
+
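Review bot: In fetch_feed(), the bare `import feedparser` sits in a module inside the djblets.feedview package, and this is Python 2 code (it calls urllib2). Unless views.py enables `from __future__ import absolute_import` (not visible in this hunk), the implicit relative import resolves to the sibling djblets/feedview/feedparser.py before the system module whenever that file is present. The change is therefore only effective because the spec deletes the bundled file, and with that file deleted the `except ImportError` fallback can never succeed in this package. For the downstream build, consider importing the system module unconditionally, so that an install where the bundled copy survives or python-feedparser is missing fails visibly instead of quietly running the copy the commit message describes as vulnerable.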
diff --git a/python-djblets.spec b/python-djblets.spec
index 16ee32f..f48641b 100644
--- a/python-djblets.spec
+++ b/python-djblets.spec
@@ -5,7 +5,7 @@
Name: python-djblets
Version: 0.6.22
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: A collection of useful classes and functions for Django
Group: Applications/Internet
# Djblets is MIT licensed:
@@ -27,8 +27,10 @@ Requires: python-django >= 1.1.1
Requires: Django >= 1.1.1
%endif
Requires: python-imaging
+Requires: python-feedparser
Patch0001: 0001-Conditionalize-ez_setup.patch
+Patch0002: 0002-Use-system-feedparser-if-available.patch
%description
A collection of useful classes and functions for Django
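Review bot: `Requires: python-feedparser` is unversioned, so any python-feedparser build already installed satisfies it, including one that predates the fixes for the CVEs listed in the changelog. Consider a versioned requirement, `Requires: python-feedparser >= <first fixed version-release>` (placeholder, the fixed build is not named on this page), so that updating python-djblets also pulls in a fixed feedparser.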
@@ -36,6 +38,7 @@ A collection of useful classes and functions for Django
%prep
%setup -q -n Djblets-%{version}
%patch0001 -p1
+%patch0002 -p1
# Remove packaged egg-info so it's regenerated by setup.py
rm -Rf Djblets*.egg-info
@@ -48,8 +51,8 @@ rm -rf $RPM_BUILD_ROOT
%{__python} setup.py install --root $RPM_BUILD_ROOT
-# feedparser.py has a shebang, and has a runnable __main__; make it executable:
-chmod +x $RPM_BUILD_ROOT%{python_sitelib}/djblets/feedview/feedparser.py
+# Remove bundled copy of feedparser.py
+rm -f $RPM_BUILD_ROOT%{python_sitelib}/djblets/feedview/feedparser.py*
# Remove the "tests" subdirectory to avoid it polluting the main python
# namespace:
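Review bot: `rm -f` on `feedparser.py*` succeeds silently when nothing matches, so if a later upstream release moves or renames the file, the bundled copy would ship again without the build noticing. Consider dropping `-f`, or deleting the file in %prep right after `%patch0002 -p1` so it is never installed or byte-compiled, and failing the build if anything named feedparser.py is still present under %{python_sitelib}/djblets/feedview/ at the end of %install.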
@@ -65,6 +68,12 @@ rm -rf $RPM_BUILD_ROOT
%{python_sitelib}/djblets/
%changelog
+* Wed Aug 08 2012 Stephen Gallagher <sgallagh at redhat.com> - 0.6.22-2
+- Use the system feedparser.py
+- Resolves: rhbz#846762 - Current version of python-djblets in Fedora EPEL-6
+ contains embeded copy of python-feedparser, vulnerable to CVE-2009-5065,
+ CVE-2011-1156, CVE-2011-1157, and CVE-2011-1158
+
* Tue Jul 31 2012 Stephen Gallagher <sgallagh at redhat.com> - 0.6.22-1
- New upstream releae 0.6.22
- Fixes to support Review Board 1.6.11