Add patches from Avram Lubkin

- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
2015-08-05 18:27:33 +02:00 · 2015-06-18 18:54:54 +00:00 · 2014-06-07 14:23:22 -05:00 · 2014-05-26 19:32:47 +02:00 · 2014-05-13 12:34:24 +02:00 · 2013-08-04 01:56:54 -05:00
5 changed files with 147 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 /defusedxml-0.4.tar.gz
+/defusedxml-0.4.1.tar.gz
--- a/python-defusedxml-entity_loop.patch
+++ b/python-defusedxml-entity_loop.patch
@@ -0,0 +1,52 @@
+diff -ru defusedxml-0.4.1-orig/tests.py defusedxml-0.4.1/tests.py
+--- defusedxml-0.4.1-orig/tests.py	2015-07-17 05:28:36.501213026 +0000
+++ defusedxml-0.4.1/tests.py	2015-07-17 05:21:51.633843568 +0000
+@@ -133,11 +133,12 @@
+             self.iterparse(self.xml_simple_ns)
+ 
+     def test_entities_forbidden(self):
+-        self.assertRaises(EntitiesForbidden, self.parse, self.xml_bomb)
+        self.assertRaises((EntitiesForbidden, XMLSyntaxError),
+                          self.parse, self.xml_bomb)
+         self.assertRaises(EntitiesForbidden, self.parse, self.xml_quadratic)
+         self.assertRaises(EntitiesForbidden, self.parse, self.xml_external)
+ 
+-        self.assertRaises(EntitiesForbidden, self.parseString,
+        self.assertRaises((EntitiesForbidden, XMLSyntaxError), self.parseString,
+                           self.get_content(self.xml_bomb))
+         self.assertRaises(EntitiesForbidden, self.parseString,
+                           self.get_content(self.xml_quadratic))
+@@ -157,8 +158,8 @@
+                           forbid_entities=False)
+ 
+     def test_dtd_forbidden(self):
+-        self.assertRaises(DTDForbidden, self.parse, self.xml_bomb,
+-                          forbid_dtd=True)
+        self.assertRaises((DTDForbidden, XMLSyntaxError), self.parse,
+                          self.xml_bomb, forbid_dtd=True)
+         self.assertRaises(DTDForbidden, self.parse, self.xml_quadratic,
+                           forbid_dtd=True)
+         self.assertRaises(DTDForbidden, self.parse, self.xml_external,
+@@ -166,7 +167,7 @@
+         self.assertRaises(DTDForbidden, self.parse, self.xml_dtd,
+                           forbid_dtd=True)
+ 
+-        self.assertRaises(DTDForbidden, self.parseString,
+        self.assertRaises((DTDForbidden, XMLSyntaxError), self.parseString,
+                           self.get_content(self.xml_bomb),
+                           forbid_dtd=True)
+         self.assertRaises(DTDForbidden, self.parseString,
+@@ -355,8 +356,11 @@
+         pass
+ 
+     def test_restricted_element1(self):
+-        tree = self.module.parse(self.xml_bomb, forbid_dtd=False,
+-                                 forbid_entities=False)
+        try:
+            tree = self.module.parse(self.xml_bomb, forbid_dtd=False,
+                                     forbid_entities=False)
+        except XMLSyntaxError:
+            return
+         root = tree.getroot()
+         self.assertEqual(root.text, None)
+ 
--- a/python-defusedxml-format_strings.patch
+++ b/python-defusedxml-format_strings.patch
@@ -0,0 +1,63 @@
+diff -ru defusedxml-0.4.1-orig/defusedxml/common.py defusedxml-0.4.1/defusedxml/common.py
+--- defusedxml-0.4.1-orig/defusedxml/common.py	2015-07-17 05:28:36.502213030 +0000
+++ defusedxml-0.4.1/defusedxml/common.py	2015-07-22 11:22:24.203648541 +0000
+@@ -30,7 +30,7 @@
+         self.pubid = pubid
+ 
+     def __str__(self):
+-        tpl = "DTDForbidden(name='{}', system_id={!r}, public_id={!r})"
+        tpl = "DTDForbidden(name='{0}', system_id={1!r}, public_id={2!r})"
+         return tpl.format(self.name, self.sysid, self.pubid)
+ 
+ 
+@@ -47,7 +47,7 @@
+         self.notation_name = notation_name
+ 
+     def __str__(self):
+-        tpl = "EntitiesForbidden(name='{}', system_id={!r}, public_id={!r})"
+        tpl = "EntitiesForbidden(name='{0}', system_id={1!r}, public_id={2!r})"
+         return tpl.format(self.name, self.sysid, self.pubid)
+ 
+ 
+@@ -62,7 +62,7 @@
+         self.pubid = pubid
+ 
+     def __str__(self):
+-        tpl = "ExternalReferenceForbidden(system_id='{}', public_id={})"
+        tpl = "ExternalReferenceForbidden(system_id='{0}', public_id={1})"
+         return tpl.format(self.sysid, self.pubid)
+ 
+ 
+diff -ru defusedxml-0.4.1-orig/other/exploit_webdav.py defusedxml-0.4.1/other/exploit_webdav.py
+--- defusedxml-0.4.1-orig/other/exploit_webdav.py	2015-07-17 05:28:36.503213033 +0000
+++ defusedxml-0.4.1/other/exploit_webdav.py	2015-07-22 11:23:15.893964297 +0000
+@@ -9,7 +9,7 @@
+ import httplib
+ 
+ if len(sys.argv) != 2:
+-    sys.exit("{} http://user:password@host:port/".format(sys.argv[0]))
+    sys.exit("{0} http://user:password@host:port/".format(sys.argv[0]))
+ 
+ url = urlparse.urlparse(sys.argv[1])
+ 
+diff -ru defusedxml-0.4.1-orig/other/exploit_xmlrpc.py defusedxml-0.4.1/other/exploit_xmlrpc.py
+--- defusedxml-0.4.1-orig/other/exploit_xmlrpc.py	2015-07-17 05:28:36.502213030 +0000
+++ defusedxml-0.4.1/other/exploit_xmlrpc.py	2015-07-22 11:23:59.536230889 +0000
+@@ -7,7 +7,7 @@
+ import urllib2
+ 
+ if len(sys.argv) != 2:
+-    sys.exit("{} url".format(sys.argv[0]))
+    sys.exit("{0} url".format(sys.argv[0]))
+ 
+ url = sys.argv[1]
+ 
+@@ -32,7 +32,7 @@
+ 
+ req = urllib2.Request(url, data=xml, headers=headers)
+ 
+-print("Sending request to {}".format(url))
+print("Sending request to {0}".format(url))
+ 
+ resp = urllib2.urlopen(req)
+
--- a/python-defusedxml.spec
+++ b/python-defusedxml.spec
@@ -2,12 +2,18 @@
 %global pypi_name defusedxml

 Name:           python-%{pypi_name}
-Version:        0.4
-Release:        1%{?dist}
+Version:        0.4.1
+Release:        4%{?dist}
 Summary:        XML bomb protection for Python stdlib modules
 License:        Python
 URL:            https://bitbucket.org/tiran/defusedxml
 Source0:        http://pypi.python.org/packages/source/d/%{pypi_name}/%{pypi_name}-%{version}.tar.gz
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=927883#c14
+Patch0:         %{name}-entity_loop.patch
+Patch1:         %{name}-format_strings.patch
+
+
 BuildArch:      noarch

 BuildRequires:  python2-devel
@@ -40,6 +46,9 @@ module.

 %prep
 %setup -q -n %{pypi_name}-%{version}
+%patch0 -p1
+%patch1 -p1
+
 %if 0%{?with_python3}
 rm -rf %{py3dir}
 cp -a . %{py3dir}
@@ -83,5 +92,24 @@ popd
 %endif # with_python3

 %changelog
+* Wed Aug 05 2015 Miro Hrončok <mhroncok@redhat.com> - 0.4.1-4
+- Add patches by Avram Lubkin
+- https://bugzilla.redhat.com/show_bug.cgi?id=927883#c14
+
+* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Mon May 26 2014 Miro Hrončok <mhroncok@redhat.com> - 0.4.1-1
+- Updated to 0.4.1 (#1100730)
+
+* Tue May 13 2014 Bohuslav Kabrda <bkabrda@redhat.com> - 0.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
+
+* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
 * Tue Mar 26 2013 Miro Hrončok <mhroncok@redhat.com> - 0.4-1
 - Initial package.
--- a/2
+++ b/2
@@ -1 +1 @@
-09873c31ce773d48b8a4759571655a2c  defusedxml-0.4.tar.gz
+230a5eff64f878b392478e30376d673a  defusedxml-0.4.1.tar.gz
Author	SHA1	Message	Date
Miro Hrončok	6839ef4a3b	Add patches from Avram Lubkin	2015-08-05 18:27:33 +02:00
Dennis Gilmore	1383f3e224	- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild	2015-06-18 18:54:54 +00:00
Dennis Gilmore	9c48f6a532	- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild	2014-06-07 14:23:22 -05:00
Miro Hrončok	c93d8674ee	Updated to 0.4.1 (#1100730 )	2014-05-26 19:32:47 +02:00
Slavek Kabrda	a28edff0f1	Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4	2014-05-13 12:34:24 +02:00
Dennis Gilmore	eac516ac24	- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild	2013-08-04 01:56:54 -05:00