[ For the security team, it looks like python-django 1.4.5-1+deb7u1 has
been misbuilt, can I upload a fixed 1.4.5-1+deb7u2 ? ]
Hi,
On Sat, 31 Aug 2013, Sebastien Helleu wrote:
> I noticed in the python-django security update (1.4.5-1+deb7u1) that jquery
> symlinks are missing in package (compared to package 1.4.5-1).
Here's the debdiff between both:
$ debdiff python-django_1.4.5-1_all.deb python-django_1.4.5-1+deb7u1_all.deb
[The following lists of changes regard files as different if they have
different names, permissions or owners.]
Files in second .deb but not in first
-------------------------------------
lrwxrwxrwx root/root
/usr/lib/python2.6/dist-packages/django/contrib/admin/static/admin/js/jquery.js
-> ../../../../../../../../../share/javascript/jquery/jquery.js
lrwxrwxrwx root/root
/usr/lib/python2.6/dist-packages/django/contrib/admin/static/admin/js/jquery.min.js
-> ../../../../../../../../../share/javascript/jquery/jquery.min.js
lrwxrwxrwx root/root
/usr/lib/python2.7/dist-packages/django/contrib/admin/static/admin/js/jquery.js
-> ../../../../../../../../../share/javascript/jquery/jquery.js
lrwxrwxrwx root/root
/usr/lib/python2.7/dist-packages/django/contrib/admin/static/admin/js/jquery.min.js
-> ../../../../../../../../../share/javascript/jquery/jquery.min.js
Files in first .deb but not in second
-------------------------------------
lrwxrwxrwx root/root
/usr/lib/python2.6/dist-packages/django/contrib/admin/static/admin/js/jquery.js
->
../../../../../../../../../share/pyshared/django/contrib/admin/static/admin/js/jquery.js
lrwxrwxrwx root/root
/usr/lib/python2.6/dist-packages/django/contrib/admin/static/admin/js/jquery.min.js
->
../../../../../../../../../share/pyshared/django/contrib/admin/static/admin/js/jquery.min.js
lrwxrwxrwx root/root
/usr/lib/python2.7/dist-packages/django/contrib/admin/static/admin/js/jquery.js
->
../../../../../../../../../share/pyshared/django/contrib/admin/static/admin/js/jquery.js
lrwxrwxrwx root/root
/usr/lib/python2.7/dist-packages/django/contrib/admin/static/admin/js/jquery.min.js
->
../../../../../../../../../share/pyshared/django/contrib/admin/static/admin/js/jquery.min.js
lrwxrwxrwx root/root
/usr/share/pyshared/django/contrib/admin/static/admin/js/jquery.js ->
../../../../../../../javascript/jquery/jquery.js
lrwxrwxrwx root/root
/usr/share/pyshared/django/contrib/admin/static/admin/js/jquery.min.js ->
../../../../../../../javascript/jquery/jquery.min.js
Control files: lines which differ (wdiff format)
------------------------------------------------
Version: [-1.4.5-1-] {+1.4.5-1+deb7u1+}
> In the 1.4.5-1, I can see these 2 symlinks:
>
> ../usr/share/pyshared/django/contrib/admin/static/admin/js/jquery.js ->
> ../../../../../../../javascript/jquery/jquery.js
> ../usr/share/pyshared/django/contrib/admin/static/admin/js/jquery.min.js ->
> ../../../../../../../javascript/jquery/jquery.min.js
Right, those two symlinks went away for some unknown reasons but they
shouldn't be used... since they are in /usr/share/pyshared/. The files
that matter are those in /usr/lib/python2.[67]/, no?
Are those symlinks broken (for example still pointing to
/usr/share/pyshared/) or is there something else going on?
I tried installing 1.4.5-1 and upgrading to 1.4.5-1+deb7u1 but the
symlinks in /usr/lib/python2.[67]/ are fine...
> Is it a packaging problem in 1.4.5-1+deb7u1 ?
>
> Important: maybe other files are missing, I did not check all files in the
> package.
debdiff says that there are no other changes.
I have tried rebuilding the package in a clean wheezy chroot and I have no
changes compared to 1.4.5-1, so this package is somehow misbuilt.
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
