Compare commits
31 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
411cf197e5 | ||
|
|
9965d9949c | ||
|
|
5145231968 | ||
|
|
e4cec5baab | ||
|
|
9c63215dec | ||
|
|
39b34e2c41 | ||
|
|
5448c8d699 | ||
|
|
566787137e | ||
|
|
9123810641 | ||
|
|
6bae04a203 | ||
|
|
082a4dbedd | ||
|
|
38eed839d4 | ||
|
|
a3fd36dd25 | ||
|
|
08592600c3 | ||
|
|
b0ba67f931 | ||
|
|
b6287a6c82 | ||
|
|
a8d1c871ee | ||
|
|
0f762e05f7 | ||
|
|
85a145e648 | ||
|
|
30fd0c53c2 | ||
|
|
2864d19e19 | ||
|
|
967467ab0f | ||
|
|
a7078684c6 | ||
|
|
309267b58f | ||
|
|
35fcd07e94 | ||
|
|
047317282f | ||
|
|
164962eaa9 | ||
|
|
5883a22562 | ||
|
|
c9f4578f9e | ||
|
|
898114da0e | ||
|
|
e646a49ec8 |
4
.gitignore
vendored
4
.gitignore
vendored
@@ -1,2 +1,6 @@
|
||||
/defusedxml-0.4.tar.gz
|
||||
/defusedxml-0.4.1.tar.gz
|
||||
/defusedxml-0.5.0.tar.gz
|
||||
/defusedxml-0.6.0.tar.gz
|
||||
/defusedxml-0.7.0rc1.tar.gz
|
||||
/defusedxml-0.7.0rc2.tar.gz
|
||||
|
||||
@@ -1,52 +0,0 @@
|
||||
diff -ru defusedxml-0.4.1-orig/tests.py defusedxml-0.4.1/tests.py
|
||||
--- defusedxml-0.4.1-orig/tests.py 2015-07-17 05:28:36.501213026 +0000
|
||||
+++ defusedxml-0.4.1/tests.py 2015-07-17 05:21:51.633843568 +0000
|
||||
@@ -133,11 +133,12 @@
|
||||
self.iterparse(self.xml_simple_ns)
|
||||
|
||||
def test_entities_forbidden(self):
|
||||
- self.assertRaises(EntitiesForbidden, self.parse, self.xml_bomb)
|
||||
+ self.assertRaises((EntitiesForbidden, XMLSyntaxError),
|
||||
+ self.parse, self.xml_bomb)
|
||||
self.assertRaises(EntitiesForbidden, self.parse, self.xml_quadratic)
|
||||
self.assertRaises(EntitiesForbidden, self.parse, self.xml_external)
|
||||
|
||||
- self.assertRaises(EntitiesForbidden, self.parseString,
|
||||
+ self.assertRaises((EntitiesForbidden, XMLSyntaxError), self.parseString,
|
||||
self.get_content(self.xml_bomb))
|
||||
self.assertRaises(EntitiesForbidden, self.parseString,
|
||||
self.get_content(self.xml_quadratic))
|
||||
@@ -157,8 +158,8 @@
|
||||
forbid_entities=False)
|
||||
|
||||
def test_dtd_forbidden(self):
|
||||
- self.assertRaises(DTDForbidden, self.parse, self.xml_bomb,
|
||||
- forbid_dtd=True)
|
||||
+ self.assertRaises((DTDForbidden, XMLSyntaxError), self.parse,
|
||||
+ self.xml_bomb, forbid_dtd=True)
|
||||
self.assertRaises(DTDForbidden, self.parse, self.xml_quadratic,
|
||||
forbid_dtd=True)
|
||||
self.assertRaises(DTDForbidden, self.parse, self.xml_external,
|
||||
@@ -166,7 +167,7 @@
|
||||
self.assertRaises(DTDForbidden, self.parse, self.xml_dtd,
|
||||
forbid_dtd=True)
|
||||
|
||||
- self.assertRaises(DTDForbidden, self.parseString,
|
||||
+ self.assertRaises((DTDForbidden, XMLSyntaxError), self.parseString,
|
||||
self.get_content(self.xml_bomb),
|
||||
forbid_dtd=True)
|
||||
self.assertRaises(DTDForbidden, self.parseString,
|
||||
@@ -355,8 +356,11 @@
|
||||
pass
|
||||
|
||||
def test_restricted_element1(self):
|
||||
- tree = self.module.parse(self.xml_bomb, forbid_dtd=False,
|
||||
- forbid_entities=False)
|
||||
+ try:
|
||||
+ tree = self.module.parse(self.xml_bomb, forbid_dtd=False,
|
||||
+ forbid_entities=False)
|
||||
+ except XMLSyntaxError:
|
||||
+ return
|
||||
root = tree.getroot()
|
||||
self.assertEqual(root.text, None)
|
||||
|
||||
@@ -1,63 +0,0 @@
|
||||
diff -ru defusedxml-0.4.1-orig/defusedxml/common.py defusedxml-0.4.1/defusedxml/common.py
|
||||
--- defusedxml-0.4.1-orig/defusedxml/common.py 2015-07-17 05:28:36.502213030 +0000
|
||||
+++ defusedxml-0.4.1/defusedxml/common.py 2015-07-22 11:22:24.203648541 +0000
|
||||
@@ -30,7 +30,7 @@
|
||||
self.pubid = pubid
|
||||
|
||||
def __str__(self):
|
||||
- tpl = "DTDForbidden(name='{}', system_id={!r}, public_id={!r})"
|
||||
+ tpl = "DTDForbidden(name='{0}', system_id={1!r}, public_id={2!r})"
|
||||
return tpl.format(self.name, self.sysid, self.pubid)
|
||||
|
||||
|
||||
@@ -47,7 +47,7 @@
|
||||
self.notation_name = notation_name
|
||||
|
||||
def __str__(self):
|
||||
- tpl = "EntitiesForbidden(name='{}', system_id={!r}, public_id={!r})"
|
||||
+ tpl = "EntitiesForbidden(name='{0}', system_id={1!r}, public_id={2!r})"
|
||||
return tpl.format(self.name, self.sysid, self.pubid)
|
||||
|
||||
|
||||
@@ -62,7 +62,7 @@
|
||||
self.pubid = pubid
|
||||
|
||||
def __str__(self):
|
||||
- tpl = "ExternalReferenceForbidden(system_id='{}', public_id={})"
|
||||
+ tpl = "ExternalReferenceForbidden(system_id='{0}', public_id={1})"
|
||||
return tpl.format(self.sysid, self.pubid)
|
||||
|
||||
|
||||
diff -ru defusedxml-0.4.1-orig/other/exploit_webdav.py defusedxml-0.4.1/other/exploit_webdav.py
|
||||
--- defusedxml-0.4.1-orig/other/exploit_webdav.py 2015-07-17 05:28:36.503213033 +0000
|
||||
+++ defusedxml-0.4.1/other/exploit_webdav.py 2015-07-22 11:23:15.893964297 +0000
|
||||
@@ -9,7 +9,7 @@
|
||||
import httplib
|
||||
|
||||
if len(sys.argv) != 2:
|
||||
- sys.exit("{} http://user:password@host:port/".format(sys.argv[0]))
|
||||
+ sys.exit("{0} http://user:password@host:port/".format(sys.argv[0]))
|
||||
|
||||
url = urlparse.urlparse(sys.argv[1])
|
||||
|
||||
diff -ru defusedxml-0.4.1-orig/other/exploit_xmlrpc.py defusedxml-0.4.1/other/exploit_xmlrpc.py
|
||||
--- defusedxml-0.4.1-orig/other/exploit_xmlrpc.py 2015-07-17 05:28:36.502213030 +0000
|
||||
+++ defusedxml-0.4.1/other/exploit_xmlrpc.py 2015-07-22 11:23:59.536230889 +0000
|
||||
@@ -7,7 +7,7 @@
|
||||
import urllib2
|
||||
|
||||
if len(sys.argv) != 2:
|
||||
- sys.exit("{} url".format(sys.argv[0]))
|
||||
+ sys.exit("{0} url".format(sys.argv[0]))
|
||||
|
||||
url = sys.argv[1]
|
||||
|
||||
@@ -32,7 +32,7 @@
|
||||
|
||||
req = urllib2.Request(url, data=xml, headers=headers)
|
||||
|
||||
-print("Sending request to {}".format(url))
|
||||
+print("Sending request to {0}".format(url))
|
||||
|
||||
resp = urllib2.urlopen(req)
|
||||
|
||||
@@ -1,29 +1,19 @@
|
||||
%global with_python3 1
|
||||
%global pypi_name defusedxml
|
||||
|
||||
%global pypi_name defusedxml
|
||||
%global base_version 0.7.0
|
||||
%global prerel rc2
|
||||
%global upstream_version %{base_version}%{?prerel}
|
||||
Name: python-%{pypi_name}
|
||||
Version: 0.4.1
|
||||
Release: 4%{?dist}
|
||||
Version: %{base_version}%{?prerel:~%{prerel}}
|
||||
Release: 1%{?dist}
|
||||
Summary: XML bomb protection for Python stdlib modules
|
||||
License: Python
|
||||
URL: https://bitbucket.org/tiran/defusedxml
|
||||
Source0: http://pypi.python.org/packages/source/d/%{pypi_name}/%{pypi_name}-%{version}.tar.gz
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=927883#c14
|
||||
Patch0: %{name}-entity_loop.patch
|
||||
Patch1: %{name}-format_strings.patch
|
||||
|
||||
URL: https://github.com/tiran/defusedxml
|
||||
Source0: %{pypi_source %{pypi_name} %{upstream_version}}
|
||||
|
||||
BuildArch: noarch
|
||||
|
||||
BuildRequires: python2-devel
|
||||
BuildRequires: python-setuptools
|
||||
|
||||
%if 0%{with_python3}
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: python3-setuptools
|
||||
%endif
|
||||
|
||||
BuildRequires: python%{python3_pkgversion}-devel
|
||||
BuildRequires: python%{python3_pkgversion}-setuptools
|
||||
|
||||
%description
|
||||
The defusedxml package contains several Python-only workarounds and fixes for
|
||||
@@ -32,66 +22,117 @@ to benefit from the protection you just have to import and use the listed
|
||||
functions / classes from the right defusedxml module instead of the original
|
||||
module.
|
||||
|
||||
%if 0%{?with_python3}
|
||||
%package -n python3-%{pypi_name}
|
||||
Summary: XML bomb protection for Python stdlib modules
|
||||
|
||||
%description -n python3-%{pypi_name}
|
||||
%package -n python%{python3_pkgversion}-%{pypi_name}
|
||||
Summary: %{summary}
|
||||
%{?python_provide:%python_provide python%{python3_pkgversion}-%{pypi_name}}
|
||||
|
||||
%description -n python%{python3_pkgversion}-%{pypi_name}
|
||||
The defusedxml package contains several Python-only workarounds and fixes for
|
||||
denial of service and other vulnerabilities in Python's XML libraries. In order
|
||||
to benefit from the protection you just have to import and use the listed
|
||||
functions / classes from the right defusedxml module instead of the original
|
||||
module.
|
||||
%endif # with_python3
|
||||
module. This is the python%{python3_pkgversion} build.
|
||||
|
||||
|
||||
%prep
|
||||
%setup -q -n %{pypi_name}-%{version}
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
|
||||
%if 0%{?with_python3}
|
||||
rm -rf %{py3dir}
|
||||
cp -a . %{py3dir}
|
||||
find %{py3dir} -name '*.py' | xargs sed -i '1s|^#!/bin/env python|#!%{__python3}|'
|
||||
%endif # with_python3
|
||||
%autosetup -p1 -n %{pypi_name}-%{upstream_version}
|
||||
|
||||
%build
|
||||
%{__python} setup.py build
|
||||
%if 0%{?with_python3}
|
||||
pushd %{py3dir}
|
||||
%{__python3} setup.py build
|
||||
popd
|
||||
%endif # with_python3
|
||||
%py3_build
|
||||
|
||||
%install
|
||||
%{__python} setup.py install --skip-build --root %{buildroot}
|
||||
%if 0%{?with_python3}
|
||||
pushd %{py3dir}
|
||||
%{__python3} setup.py install --skip-build --root %{buildroot}
|
||||
popd
|
||||
%endif # with_python3
|
||||
%py3_install
|
||||
|
||||
%check
|
||||
%{__python} tests.py
|
||||
%if 0%{?with_python3}
|
||||
pushd %{py3dir}
|
||||
%{__python3} tests.py
|
||||
popd
|
||||
%endif # with_python3
|
||||
%{python3} tests.py
|
||||
|
||||
%files
|
||||
%doc README.txt README.html LICENSE CHANGES.txt
|
||||
%{python_sitelib}/%{pypi_name}
|
||||
%{python_sitelib}/%{pypi_name}-%{version}-py?.?.egg-info
|
||||
|
||||
%if 0%{?with_python3}
|
||||
%files -n python3-%{pypi_name}
|
||||
%doc README.txt README.html LICENSE CHANGES.txt
|
||||
%{python3_sitelib}/%{pypi_name}
|
||||
%{python3_sitelib}/%{pypi_name}-%{version}-py?.?.egg-info
|
||||
%endif # with_python3
|
||||
%files -n python%{python3_pkgversion}-%{pypi_name}
|
||||
%doc README.txt README.html CHANGES.txt
|
||||
%license LICENSE
|
||||
%{python3_sitelib}/%{pypi_name}/
|
||||
%{python3_sitelib}/%{pypi_name}-%{upstream_version}-py%{python3_version}.egg-info/
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Jan 27 2021 Miro Hrončok <mhroncok@redhat.com> - 0.7.0~rc2-1
|
||||
- Update to 0.7.0rc2
|
||||
- Fixes: rhbz#1915522
|
||||
|
||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0~rc1-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.0~rc1-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Sun May 24 2020 Miro Hrončok <mhroncok@redhat.com> - 0.7.0~rc1-2
|
||||
- Rebuilt for Python 3.9
|
||||
|
||||
* Mon May 04 2020 Miro Hrončok <mhroncok@redhat.com> - 0.7.0~rc1-1
|
||||
- Update to 0.7.0rc1
|
||||
|
||||
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.0-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 0.6.0-4
|
||||
- Rebuilt for Python 3.8.0rc1 (#1748018)
|
||||
|
||||
* Sun Aug 18 2019 Miro Hrončok <mhroncok@redhat.com> - 0.6.0-3
|
||||
- Rebuilt for Python 3.8
|
||||
|
||||
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Thu May 09 2019 Miro Hrončok <mhroncok@redhat.com> - 0.6.0-1
|
||||
- Update to 0.6.0 (#1699639)
|
||||
- Remove Python 2 subpackage
|
||||
|
||||
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.0-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.0-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Mon Jun 18 2018 Miro Hrončok <mhroncok@redhat.com> - 0.5.0-5
|
||||
- Rebuilt for Python 3.7
|
||||
|
||||
* Mon Feb 12 2018 Iryna Shcherbina <ishcherb@redhat.com> - 0.5.0-4
|
||||
- Update Python 2 dependency declarations to new packaging standards
|
||||
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
|
||||
|
||||
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.0-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||
|
||||
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||
|
||||
* Fri Feb 10 2017 Adam Williamson <awilliam@redhat.com> - 0.5.0-1
|
||||
- Update to 0.5.0, drop merged/superseded patches
|
||||
- Enable Python 3 build for EPEL 7, per https://fedoraproject.org/wiki/PackagingDrafts:Python3EPEL
|
||||
- Drop format-string patch as Python 2.6 is no longer supported anyway
|
||||
- Update URL to github
|
||||
- Update source URL for pypi changes
|
||||
|
||||
* Thu Dec 22 2016 Adam Williamson <awilliam@redhat.com> - 0.4.1-9
|
||||
- Fix incompatibility with Python 3.6 (gh#3 / gh#4)
|
||||
|
||||
* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com>
|
||||
- Rebuild for Python 3.6
|
||||
|
||||
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-8
|
||||
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
|
||||
|
||||
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.1-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||
|
||||
* Sun Nov 15 2015 Ralph Bean <rbean@redhat.com> - 0.4.1-6
|
||||
- Added explicit python2 subpackage with modern provides statement.
|
||||
- Only apply the entity_loop patch on enterprisey builds.
|
||||
|
||||
* Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
|
||||
|
||||
* Wed Aug 05 2015 Miro Hrončok <mhroncok@redhat.com> - 0.4.1-4
|
||||
- Add patches by Avram Lubkin
|
||||
- https://bugzilla.redhat.com/show_bug.cgi?id=927883#c14
|
||||
|
||||
Reference in New Issue
Block a user