Add patches from Avram Lubkin

0001-Fully-fix-iterparse-defusing-on-Python-3.6.patch

@@ -1,101 +0,0 @@
-From 9b9517ec7dfac674052d41ec96e4c85e197f3228 Mon Sep 17 00:00:00 2001
-From: Adam Williamson <awilliam@redhat.com>
-Date: Thu, 22 Dec 2016 12:38:03 -0800
-Subject: [PATCH] Fully fix iterparse() defusing on Python 3.6
-
-Python 3.3 did a very thorough job of hiding the pure-Python
-iterparse() from defusedxml, so we had to not use iterparse()
-directly, but find and use the pure-Python _IterParseIterator
-instead. This trick breaks with Python 3.6, though, because
-_IterParseIterator is no longer accessible externally at all.
-
-However, it turns out Python 3.3's approach to iterparse() was
-a one-off: the implementation of the C accelerator stuff was
-changed again in 3.4, and from 3.4 onwards we should be getting
-the pure-Python iterparse() again. So we can make the private
-iterator access dodge specific to Python 3.3, and just use the
-simple code which uses iterparse() directly - which we were
-only using for Python 2.7 until now - for Python 3.2 and 3.4+.
----
- defusedxml/ElementTree.py | 16 ++++++++++------
- defusedxml/common.py      |  7 +++++--
- 2 files changed, 15 insertions(+), 8 deletions(-)
-
-diff --git a/defusedxml/ElementTree.py b/defusedxml/ElementTree.py
-index 8c46064..28ffce0 100644
---- a/defusedxml/ElementTree.py
-+++ b/defusedxml/ElementTree.py
-@@ -8,7 +8,7 @@
- from __future__ import print_function, absolute_import
- 
- import sys
--from .common import PY3, PY26, PY31
-+from .common import PY3, PY26, PY31, PY33
- if PY3:
-     import importlib
- else:
-@@ -29,7 +29,7 @@ from .common import (DTDForbidden, EntitiesForbidden,
- __origin__ = "xml.etree.ElementTree"
- 
- def _get_py3_cls():
--    """Python 3.3 hides the pure Python code but defusedxml requires it.
-+    """Python 3.3+ hide the pure Python code but defusedxml requires it.
- 
-     The code is based on test.support.import_fresh_module().
-     """
-@@ -49,12 +49,16 @@ def _get_py3_cls():
- 
-     _XMLParser = pure_pymod.XMLParser
-     _iterparse = pure_pymod.iterparse
--    if PY31 or sys.version_info >= (3, 6):
--        _IterParseIterator = None
-+    ParseError = pure_pymod.ParseError
-+    _IterParseIterator = None
-+    if PY31:
-         from xml.parsers.expat import ExpatError as ParseError
--    else:
-+    if PY33:
-+        # Python 3.3 specifically did some shenanigans to hide the
-+        # pure-Python iterparse() entirely, so we need to use the
-+        # this private iterator instead. All other Pythons don't have
-+        # this problem
-         _IterParseIterator = pure_pymod._IterParseIterator
--        ParseError = pure_pymod.ParseError
- 
-     return _XMLParser, _iterparse, _IterParseIterator, ParseError
- 
-diff --git a/defusedxml/common.py b/defusedxml/common.py
-index 5e5f8a2..53a5326 100644
---- a/defusedxml/common.py
-+++ b/defusedxml/common.py
-@@ -11,6 +11,7 @@ from types import MethodType
- PY3 = sys.version_info[0] == 3
- PY26 = sys.version_info[:2] == (2, 6)
- PY31 = sys.version_info[:2] == (3, 1)
-+PY33 = sys.version_info[:2] == (3, 3)
- 
- 
- class DefusedXmlException(ValueError):
-@@ -126,7 +127,9 @@ def _generate_etree_functions(DefusedXMLParser, _TreeBuilder,
-                 bind(xmlparser, "defused_external_entity_ref_handler",
-                      "ExternalEntityRefHandler")
-             return it
--    elif PY3:
-+    elif PY33:
-+        # pure-Python iterparse() is completely hidden on Python 3.3,
-+        # we have to use the backing _IterParseIterator
-         def iterparse(source, events=None, parser=None, forbid_dtd=False,
-                       forbid_entities=True, forbid_external=True):
-             close_source = False
-@@ -140,7 +143,7 @@ def _generate_etree_functions(DefusedXMLParser, _TreeBuilder,
-                                           forbid_external=forbid_external)
-             return _IterParseIterator(source, events, parser, close_source)
-     else:
--        # Python 2.7
-+        # Python 2.7, Python 3.2, Python 3.4+
-         def iterparse(source, events=None, parser=None, forbid_dtd=False,
-                       forbid_entities=True, forbid_external=True):
-             if parser is None:
--- 
-2.11.0
-

python-defusedxml-python36-broken.patch

@@ -1,22 +0,0 @@
-From 1d342237b560e29e8401d0a22a776b52b09e0ae2 Mon Sep 17 00:00:00 2001
-From: Christian Heimes <christian@python.org>
-Date: Wed, 24 Aug 2016 10:08:34 +0200
-Subject: [PATCH] Python 3.6 no _IterParseIterator class
-
----
- defusedxml/ElementTree.py | 2 +-
- 1 files changed, 1 insertions(+), 1 deletion(-)
-
-diff --git a/defusedxml/ElementTree.py b/defusedxml/ElementTree.py
-index a2f1f58..8c46064 100644
---- a/defusedxml/ElementTree.py
-+++ b/defusedxml/ElementTree.py
-@@ -49,7 +49,7 @@ def _get_py3_cls():
- 
-     _XMLParser = pure_pymod.XMLParser
-     _iterparse = pure_pymod.iterparse
--    if PY31:
-+    if PY31 or sys.version_info >= (3, 6):
-         _IterParseIterator = None
-         from xml.parsers.expat import ExpatError as ParseError
-     else:

python-defusedxml.spec

@@ -1,25 +1,18 @@
-%global with_python3 0
+%global with_python3 1
 %global pypi_name defusedxml
 
 Name:           python-%{pypi_name}
 Version:        0.4.1
-Release:        9%{?dist}
+Release:        4%{?dist}
 Summary:        XML bomb protection for Python stdlib modules
 License:        Python
-# Note: upstream git now appears to be at https://github.com/tiran/defusedxml
-# not bitbucket as pypi says
 URL:            https://bitbucket.org/tiran/defusedxml
 Source0:        http://pypi.python.org/packages/source/d/%{pypi_name}/%{pypi_name}-%{version}.tar.gz
 
 # https://bugzilla.redhat.com/show_bug.cgi?id=927883#c14
 Patch0:         %{name}-entity_loop.patch
 Patch1:         %{name}-format_strings.patch
-# This is https://github.com/tiran/defusedxml/commit/1d342237b560e29e8401d0a22a776b52b09e0ae2
-# rediffed on 0.4.1 . It doesn't really fix anything, but is necessary
-# for the real fix to apply without rediffing.
-Patch2:         %{name}-python36-broken.patch
-# Real fix for Python 3.6: https://github.com/tiran/defusedxml/pull/4
-Patch3:         0001-Fully-fix-iterparse-defusing-on-Python-3.6.patch
+
 
 BuildArch:      noarch
 
@@ -31,6 +24,7 @@ BuildRequires:  python3-devel
 BuildRequires:  python3-setuptools
 %endif
 
+
 %description
 The defusedxml package contains several Python-only workarounds and fixes for
 denial of service and other vulnerabilities in Python's XML libraries. In order
@@ -38,21 +32,9 @@ to benefit from the protection you just have to import and use the listed
 functions / classes from the right defusedxml module instead of the original
 module.
 
-%package -n python2-%{pypi_name}
-Summary:        XML bomb protection for Python stdlib modules
-%{?python_provide:%python_provide python2-%{pypi_name}}
-
-%description -n python2-%{pypi_name}
-The defusedxml package contains several Python-only workarounds and fixes for
-denial of service and other vulnerabilities in Python's XML libraries. In order
-to benefit from the protection you just have to import and use the listed
-functions / classes from the right defusedxml module instead of the original
-module.
-
 %if 0%{?with_python3}
 %package -n python3-%{pypi_name}
 Summary:        XML bomb protection for Python stdlib modules
-%{?python_provide:%python_provide python3-%{pypi_name}}
 
 %description -n python3-%{pypi_name}
 The defusedxml package contains several Python-only workarounds and fixes for
@@ -64,12 +46,8 @@ module.
 
 %prep
 %setup -q -n %{pypi_name}-%{version}
-%if 0%{?rhel}
 %patch0 -p1
-%endif
 %patch1 -p1
-%patch2 -p1
-%patch3 -p1
 
 %if 0%{?with_python3}
 rm -rf %{py3dir}
@@ -101,40 +79,19 @@ pushd %{py3dir}
 popd
 %endif # with_python3
 
-%files -n python2-%{pypi_name}
-%doc README.txt README.html CHANGES.txt
-%license LICENSE
-%{python2_sitelib}/%{pypi_name}
-%{python2_sitelib}/%{pypi_name}-%{version}-py?.?.egg-info
+%files
+%doc README.txt README.html LICENSE CHANGES.txt
+%{python_sitelib}/%{pypi_name}
+%{python_sitelib}/%{pypi_name}-%{version}-py?.?.egg-info
 
 %if 0%{?with_python3}
 %files -n python3-%{pypi_name}
-%doc README.txt README.html CHANGES.txt
-%license LICENSE
+%doc README.txt README.html LICENSE CHANGES.txt
 %{python3_sitelib}/%{pypi_name}
 %{python3_sitelib}/%{pypi_name}-%{version}-py?.?.egg-info
 %endif # with_python3
 
 %changelog
-* Thu Dec 22 2016 Adam Williamson <awilliam@redhat.com> - 0.4.1-9
-- Fix incompatibility with Python 3.6 (gh#3 / gh#4)
-
-* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com>
-- Rebuild for Python 3.6
-
-* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-8
-- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
-
-* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.1-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
-
-* Sun Nov 15 2015 Ralph Bean <rbean@redhat.com> - 0.4.1-6
-- Added explicit python2 subpackage with modern provides statement.
-- Only apply the entity_loop patch on enterprisey builds.
-
-* Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-5
-- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
-
 * Wed Aug 05 2015 Miro Hrončok <mhroncok@redhat.com> - 0.4.1-4
 - Add patches by Avram Lubkin
 - https://bugzilla.redhat.com/show_bug.cgi?id=927883#c14