BR python-setuptools not python2-setuptools

This is just temporary so we can do a final clean rebase of the
EL6 branch before they fork (0.5.0 drops Python 2.6 support so
it can't go to EL6).

0001-Fully-fix-iterparse-defusing-on-Python-3.6.patch

@@ -0,0 +1,101 @@
+From 9b9517ec7dfac674052d41ec96e4c85e197f3228 Mon Sep 17 00:00:00 2001
+From: Adam Williamson <awilliam@redhat.com>
+Date: Thu, 22 Dec 2016 12:38:03 -0800
+Subject: [PATCH] Fully fix iterparse() defusing on Python 3.6
+
+Python 3.3 did a very thorough job of hiding the pure-Python
+iterparse() from defusedxml, so we had to not use iterparse()
+directly, but find and use the pure-Python _IterParseIterator
+instead. This trick breaks with Python 3.6, though, because
+_IterParseIterator is no longer accessible externally at all.
+
+However, it turns out Python 3.3's approach to iterparse() was
+a one-off: the implementation of the C accelerator stuff was
+changed again in 3.4, and from 3.4 onwards we should be getting
+the pure-Python iterparse() again. So we can make the private
+iterator access dodge specific to Python 3.3, and just use the
+simple code which uses iterparse() directly - which we were
+only using for Python 2.7 until now - for Python 3.2 and 3.4+.
+---
+ defusedxml/ElementTree.py | 16 ++++++++++------
+ defusedxml/common.py      |  7 +++++--
+ 2 files changed, 15 insertions(+), 8 deletions(-)
+
+diff --git a/defusedxml/ElementTree.py b/defusedxml/ElementTree.py
+index 8c46064..28ffce0 100644
+--- a/defusedxml/ElementTree.py
++++ b/defusedxml/ElementTree.py
+@@ -8,7 +8,7 @@
+ from __future__ import print_function, absolute_import
+ 
+ import sys
+-from .common import PY3, PY26, PY31
++from .common import PY3, PY26, PY31, PY33
+ if PY3:
+     import importlib
+ else:
+@@ -29,7 +29,7 @@ from .common import (DTDForbidden, EntitiesForbidden,
+ __origin__ = "xml.etree.ElementTree"
+ 
+ def _get_py3_cls():
+-    """Python 3.3 hides the pure Python code but defusedxml requires it.
++    """Python 3.3+ hide the pure Python code but defusedxml requires it.
+ 
+     The code is based on test.support.import_fresh_module().
+     """
+@@ -49,12 +49,16 @@ def _get_py3_cls():
+ 
+     _XMLParser = pure_pymod.XMLParser
+     _iterparse = pure_pymod.iterparse
+-    if PY31 or sys.version_info >= (3, 6):
+-        _IterParseIterator = None
++    ParseError = pure_pymod.ParseError
++    _IterParseIterator = None
++    if PY31:
+         from xml.parsers.expat import ExpatError as ParseError
+-    else:
++    if PY33:
++        # Python 3.3 specifically did some shenanigans to hide the
++        # pure-Python iterparse() entirely, so we need to use the
++        # this private iterator instead. All other Pythons don't have
++        # this problem
+         _IterParseIterator = pure_pymod._IterParseIterator
+-        ParseError = pure_pymod.ParseError
+ 
+     return _XMLParser, _iterparse, _IterParseIterator, ParseError
+ 
+diff --git a/defusedxml/common.py b/defusedxml/common.py
+index 5e5f8a2..53a5326 100644
+--- a/defusedxml/common.py
++++ b/defusedxml/common.py
+@@ -11,6 +11,7 @@ from types import MethodType
+ PY3 = sys.version_info[0] == 3
+ PY26 = sys.version_info[:2] == (2, 6)
+ PY31 = sys.version_info[:2] == (3, 1)
++PY33 = sys.version_info[:2] == (3, 3)
+ 
+ 
+ class DefusedXmlException(ValueError):
+@@ -126,7 +127,9 @@ def _generate_etree_functions(DefusedXMLParser, _TreeBuilder,
+                 bind(xmlparser, "defused_external_entity_ref_handler",
+                      "ExternalEntityRefHandler")
+             return it
+-    elif PY3:
++    elif PY33:
++        # pure-Python iterparse() is completely hidden on Python 3.3,
++        # we have to use the backing _IterParseIterator
+         def iterparse(source, events=None, parser=None, forbid_dtd=False,
+                       forbid_entities=True, forbid_external=True):
+             close_source = False
+@@ -140,7 +143,7 @@ def _generate_etree_functions(DefusedXMLParser, _TreeBuilder,
+                                           forbid_external=forbid_external)
+             return _IterParseIterator(source, events, parser, close_source)
+     else:
+-        # Python 2.7
++        # Python 2.7, Python 3.2, Python 3.4+
+         def iterparse(source, events=None, parser=None, forbid_dtd=False,
+                       forbid_entities=True, forbid_external=True):
+             if parser is None:
+-- 
+2.11.0
+

python-defusedxml-python36-broken.patch

@@ -0,0 +1,22 @@
+From 1d342237b560e29e8401d0a22a776b52b09e0ae2 Mon Sep 17 00:00:00 2001
+From: Christian Heimes <christian@python.org>
+Date: Wed, 24 Aug 2016 10:08:34 +0200
+Subject: [PATCH] Python 3.6 no _IterParseIterator class
+
+---
+ defusedxml/ElementTree.py | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletion(-)
+
+diff --git a/defusedxml/ElementTree.py b/defusedxml/ElementTree.py
+index a2f1f58..8c46064 100644
+--- a/defusedxml/ElementTree.py
++++ b/defusedxml/ElementTree.py
+@@ -49,7 +49,7 @@ def _get_py3_cls():
+ 
+     _XMLParser = pure_pymod.XMLParser
+     _iterparse = pure_pymod.iterparse
+-    if PY31:
++    if PY31 or sys.version_info >= (3, 6):
+         _IterParseIterator = None
+         from xml.parsers.expat import ExpatError as ParseError
+     else:

python-defusedxml.spec

@@ -1,18 +1,25 @@
-%global with_python3 1
+%global with_python3 0
 %global pypi_name defusedxml
 
 Name:           python-%{pypi_name}
 Version:        0.4.1
-Release:        4%{?dist}
+Release:        9%{?dist}
 Summary:        XML bomb protection for Python stdlib modules
 License:        Python
+# Note: upstream git now appears to be at https://github.com/tiran/defusedxml
+# not bitbucket as pypi says
 URL:            https://bitbucket.org/tiran/defusedxml
 Source0:        http://pypi.python.org/packages/source/d/%{pypi_name}/%{pypi_name}-%{version}.tar.gz
 
 # https://bugzilla.redhat.com/show_bug.cgi?id=927883#c14
 Patch0:         %{name}-entity_loop.patch
 Patch1:         %{name}-format_strings.patch
-
+# This is https://github.com/tiran/defusedxml/commit/1d342237b560e29e8401d0a22a776b52b09e0ae2
+# rediffed on 0.4.1 . It doesn't really fix anything, but is necessary
+# for the real fix to apply without rediffing.
+Patch2:         %{name}-python36-broken.patch
+# Real fix for Python 3.6: https://github.com/tiran/defusedxml/pull/4
+Patch3:         0001-Fully-fix-iterparse-defusing-on-Python-3.6.patch
 
 BuildArch:      noarch
 
@@ -24,7 +31,6 @@ BuildRequires:  python3-devel
 BuildRequires:  python3-setuptools
 %endif
 
-
 %description
 The defusedxml package contains several Python-only workarounds and fixes for
 denial of service and other vulnerabilities in Python's XML libraries. In order
@@ -32,9 +38,21 @@ to benefit from the protection you just have to import and use the listed
 functions / classes from the right defusedxml module instead of the original
 module.
 
+%package -n python2-%{pypi_name}
+Summary:        XML bomb protection for Python stdlib modules
+%{?python_provide:%python_provide python2-%{pypi_name}}
+
+%description -n python2-%{pypi_name}
+The defusedxml package contains several Python-only workarounds and fixes for
+denial of service and other vulnerabilities in Python's XML libraries. In order
+to benefit from the protection you just have to import and use the listed
+functions / classes from the right defusedxml module instead of the original
+module.
+
 %if 0%{?with_python3}
 %package -n python3-%{pypi_name}
 Summary:        XML bomb protection for Python stdlib modules
+%{?python_provide:%python_provide python3-%{pypi_name}}
 
 %description -n python3-%{pypi_name}
 The defusedxml package contains several Python-only workarounds and fixes for
@@ -46,8 +64,12 @@ module.
 
 %prep
 %setup -q -n %{pypi_name}-%{version}
+%if 0%{?rhel}
 %patch0 -p1
+%endif
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1
 
 %if 0%{?with_python3}
 rm -rf %{py3dir}
@@ -79,19 +101,40 @@ pushd %{py3dir}
 popd
 %endif # with_python3
 
-%files
-%doc README.txt README.html LICENSE CHANGES.txt
-%{python_sitelib}/%{pypi_name}
-%{python_sitelib}/%{pypi_name}-%{version}-py?.?.egg-info
+%files -n python2-%{pypi_name}
+%doc README.txt README.html CHANGES.txt
+%license LICENSE
+%{python2_sitelib}/%{pypi_name}
+%{python2_sitelib}/%{pypi_name}-%{version}-py?.?.egg-info
 
 %if 0%{?with_python3}
 %files -n python3-%{pypi_name}
-%doc README.txt README.html LICENSE CHANGES.txt
+%doc README.txt README.html CHANGES.txt
+%license LICENSE
 %{python3_sitelib}/%{pypi_name}
 %{python3_sitelib}/%{pypi_name}-%{version}-py?.?.egg-info
 %endif # with_python3
 
 %changelog
+* Thu Dec 22 2016 Adam Williamson <awilliam@redhat.com> - 0.4.1-9
+- Fix incompatibility with Python 3.6 (gh#3 / gh#4)
+
+* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com>
+- Rebuild for Python 3.6
+
+* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-8
+- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Sun Nov 15 2015 Ralph Bean <rbean@redhat.com> - 0.4.1-6
+- Added explicit python2 subpackage with modern provides statement.
+- Only apply the entity_loop patch on enterprisey builds.
+
+* Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
+
 * Wed Aug 05 2015 Miro Hrončok <mhroncok@redhat.com> - 0.4.1-4
 - Add patches by Avram Lubkin
 - https://bugzilla.redhat.com/show_bug.cgi?id=927883#c14