Add 0.5.0 source tarball, d'oh

This is just temporary so we can do a final clean rebase of the
EL6 branch before they fork (0.5.0 drops Python 2.6 support so
it can't go to EL6).

.gitignore

@@ -1,2 +1,3 @@
 /defusedxml-0.4.tar.gz
 /defusedxml-0.4.1.tar.gz
+/defusedxml-0.5.0.tar.gz

python-defusedxml-entity_loop.patch

@@ -1,52 +0,0 @@
-diff -ru defusedxml-0.4.1-orig/tests.py defusedxml-0.4.1/tests.py
---- defusedxml-0.4.1-orig/tests.py	2015-07-17 05:28:36.501213026 +0000
-+++ defusedxml-0.4.1/tests.py	2015-07-17 05:21:51.633843568 +0000
-@@ -133,11 +133,12 @@
-             self.iterparse(self.xml_simple_ns)
- 
-     def test_entities_forbidden(self):
--        self.assertRaises(EntitiesForbidden, self.parse, self.xml_bomb)
-+        self.assertRaises((EntitiesForbidden, XMLSyntaxError),
-+                          self.parse, self.xml_bomb)
-         self.assertRaises(EntitiesForbidden, self.parse, self.xml_quadratic)
-         self.assertRaises(EntitiesForbidden, self.parse, self.xml_external)
- 
--        self.assertRaises(EntitiesForbidden, self.parseString,
-+        self.assertRaises((EntitiesForbidden, XMLSyntaxError), self.parseString,
-                           self.get_content(self.xml_bomb))
-         self.assertRaises(EntitiesForbidden, self.parseString,
-                           self.get_content(self.xml_quadratic))
-@@ -157,8 +158,8 @@
-                           forbid_entities=False)
- 
-     def test_dtd_forbidden(self):
--        self.assertRaises(DTDForbidden, self.parse, self.xml_bomb,
--                          forbid_dtd=True)
-+        self.assertRaises((DTDForbidden, XMLSyntaxError), self.parse,
-+                          self.xml_bomb, forbid_dtd=True)
-         self.assertRaises(DTDForbidden, self.parse, self.xml_quadratic,
-                           forbid_dtd=True)
-         self.assertRaises(DTDForbidden, self.parse, self.xml_external,
-@@ -166,7 +167,7 @@
-         self.assertRaises(DTDForbidden, self.parse, self.xml_dtd,
-                           forbid_dtd=True)
- 
--        self.assertRaises(DTDForbidden, self.parseString,
-+        self.assertRaises((DTDForbidden, XMLSyntaxError), self.parseString,
-                           self.get_content(self.xml_bomb),
-                           forbid_dtd=True)
-         self.assertRaises(DTDForbidden, self.parseString,
-@@ -355,8 +356,11 @@
-         pass
- 
-     def test_restricted_element1(self):
--        tree = self.module.parse(self.xml_bomb, forbid_dtd=False,
--                                 forbid_entities=False)
-+        try:
-+            tree = self.module.parse(self.xml_bomb, forbid_dtd=False,
-+                                     forbid_entities=False)
-+        except XMLSyntaxError:
-+            return
-         root = tree.getroot()
-         self.assertEqual(root.text, None)
- 

python-defusedxml-format_strings.patch

@@ -1,63 +0,0 @@
-diff -ru defusedxml-0.4.1-orig/defusedxml/common.py defusedxml-0.4.1/defusedxml/common.py
---- defusedxml-0.4.1-orig/defusedxml/common.py	2015-07-17 05:28:36.502213030 +0000
-+++ defusedxml-0.4.1/defusedxml/common.py	2015-07-22 11:22:24.203648541 +0000
-@@ -30,7 +30,7 @@
-         self.pubid = pubid
- 
-     def __str__(self):
--        tpl = "DTDForbidden(name='{}', system_id={!r}, public_id={!r})"
-+        tpl = "DTDForbidden(name='{0}', system_id={1!r}, public_id={2!r})"
-         return tpl.format(self.name, self.sysid, self.pubid)
- 
- 
-@@ -47,7 +47,7 @@
-         self.notation_name = notation_name
- 
-     def __str__(self):
--        tpl = "EntitiesForbidden(name='{}', system_id={!r}, public_id={!r})"
-+        tpl = "EntitiesForbidden(name='{0}', system_id={1!r}, public_id={2!r})"
-         return tpl.format(self.name, self.sysid, self.pubid)
- 
- 
-@@ -62,7 +62,7 @@
-         self.pubid = pubid
- 
-     def __str__(self):
--        tpl = "ExternalReferenceForbidden(system_id='{}', public_id={})"
-+        tpl = "ExternalReferenceForbidden(system_id='{0}', public_id={1})"
-         return tpl.format(self.sysid, self.pubid)
- 
- 
-diff -ru defusedxml-0.4.1-orig/other/exploit_webdav.py defusedxml-0.4.1/other/exploit_webdav.py
---- defusedxml-0.4.1-orig/other/exploit_webdav.py	2015-07-17 05:28:36.503213033 +0000
-+++ defusedxml-0.4.1/other/exploit_webdav.py	2015-07-22 11:23:15.893964297 +0000
-@@ -9,7 +9,7 @@
- import httplib
- 
- if len(sys.argv) != 2:
--    sys.exit("{} http://user:password@host:port/".format(sys.argv[0]))
-+    sys.exit("{0} http://user:password@host:port/".format(sys.argv[0]))
- 
- url = urlparse.urlparse(sys.argv[1])
- 
-diff -ru defusedxml-0.4.1-orig/other/exploit_xmlrpc.py defusedxml-0.4.1/other/exploit_xmlrpc.py
---- defusedxml-0.4.1-orig/other/exploit_xmlrpc.py	2015-07-17 05:28:36.502213030 +0000
-+++ defusedxml-0.4.1/other/exploit_xmlrpc.py	2015-07-22 11:23:59.536230889 +0000
-@@ -7,7 +7,7 @@
- import urllib2
- 
- if len(sys.argv) != 2:
--    sys.exit("{} url".format(sys.argv[0]))
-+    sys.exit("{0} url".format(sys.argv[0]))
- 
- url = sys.argv[1]
- 
-@@ -32,7 +32,7 @@
- 
- req = urllib2.Request(url, data=xml, headers=headers)
- 
--print("Sending request to {}".format(url))
-+print("Sending request to {0}".format(url))
- 
- resp = urllib2.urlopen(req)
-

python-defusedxml.spec

@@ -1,29 +1,40 @@
-%global with_python3 1
+# Enable Python 3 builds for Fedora + EPEL >6
+%if 0%{?fedora} || 0%{?rhel} > 6
+# If the definition isn't available for python3_pkgversion, define it
+%{?!python3_pkgversion:%global python3_pkgversion 3}
+%bcond_without  python3
+%else
+%bcond_with     python3
+%endif
+
 %global pypi_name defusedxml
+# define the license macro as doc if licensedir is not defined for
+# compatibility with EPEL
+%{!?_licensedir:%global license %%doc}
 
 Name:           python-%{pypi_name}
-Version:        0.4.1
-Release:        4%{?dist}
+Version:        0.5.0
+Release:        1%{?dist}
 Summary:        XML bomb protection for Python stdlib modules
 License:        Python
-URL:            https://bitbucket.org/tiran/defusedxml
-Source0:        http://pypi.python.org/packages/source/d/%{pypi_name}/%{pypi_name}-%{version}.tar.gz
-
-# https://bugzilla.redhat.com/show_bug.cgi?id=927883#c14
-Patch0:         %{name}-entity_loop.patch
-Patch1:         %{name}-format_strings.patch
-
+URL:            https://github.com/tiran/defusedxml
+Source0:        https://files.pythonhosted.org/packages/source/d/%{pypi_name}/%{pypi_name}-%{version}.tar.gz
 
 BuildArch:      noarch
 
 BuildRequires:  python2-devel
+# No python2-setuptools on EL 7
 BuildRequires:  python-setuptools
 
 %if 0%{with_python3}
-BuildRequires:  python3-devel
-BuildRequires:  python3-setuptools
-%endif
+BuildRequires:  python%{python3_pkgversion}-devel
+BuildRequires:  python%{python3_pkgversion}-setuptools
 
+%if 0%{?with_python3_other}
+BuildRequires:  python%{python3_other_pkgversion}-setuptools
+BuildRequires:  python%{python3_other_pkgversion}-devel
+%endif # with_python3_other
+%endif # with_python3
 
 %description
 The defusedxml package contains several Python-only workarounds and fixes for
@@ -32,66 +43,119 @@ to benefit from the protection you just have to import and use the listed
 functions / classes from the right defusedxml module instead of the original
 module.
 
-%if 0%{?with_python3}
-%package -n python3-%{pypi_name}
+%package -n python2-%{pypi_name}
 Summary:        XML bomb protection for Python stdlib modules
+%{?python_provide:%python_provide python2-%{pypi_name}}
 
-%description -n python3-%{pypi_name}
+%description -n python2-%{pypi_name}
 The defusedxml package contains several Python-only workarounds and fixes for
 denial of service and other vulnerabilities in Python's XML libraries. In order
 to benefit from the protection you just have to import and use the listed
 functions / classes from the right defusedxml module instead of the original
-module.
+module. This is the Python 2 build.
+
+%if 0%{with_python3}
+%package -n python%{python3_pkgversion}-%{pypi_name}
+Summary:        XML bomb protection for Python stdlib modules
+%{?python_provide:%python_provide python%{python3_pkgversion}-%{pypi_name}}
+
+%description -n python%{python3_pkgversion}-%{pypi_name}
+The defusedxml package contains several Python-only workarounds and fixes for
+denial of service and other vulnerabilities in Python's XML libraries. In order
+to benefit from the protection you just have to import and use the listed
+functions / classes from the right defusedxml module instead of the original
+module. This is the python%{python3_pkgversion} build.
+
+%if 0%{?with_python3_other}
+%package -n python%{python3_other_pkgversion}-%{pypi_name}
+Summary:        XML bomb protection for Python stdlib modules
+%{?python_provide:%python_provide python%{python3_pkgversion}-%{pypi_name}}
+
+%description -n python%{python3_other_pkgversion}-%{pypi_name}
+The defusedxml package contains several Python-only workarounds and fixes for
+denial of service and other vulnerabilities in Python's XML libraries. In order
+to benefit from the protection you just have to import and use the listed
+functions / classes from the right defusedxml module instead of the original
+module. This is the python%{python3_other_pkgversion} build.
+%endif # with_python3_other
 %endif # with_python3
 
 %prep
 %setup -q -n %{pypi_name}-%{version}
-%patch0 -p1
-%patch1 -p1
-
-%if 0%{?with_python3}
-rm -rf %{py3dir}
-cp -a . %{py3dir}
-find %{py3dir} -name '*.py' | xargs sed -i '1s|^#!/bin/env python|#!%{__python3}|'
-%endif # with_python3
 
 %build
-%{__python} setup.py build
-%if 0%{?with_python3}
-pushd %{py3dir}
-%{__python3} setup.py build
-popd
+%py2_build
+%if 0%{with_python3}
+%py3_build
+%if 0%{?with_python3_other}
+%py3_other_build
+%endif # with_python3_other
 %endif # with_python3
 
 %install
-%{__python} setup.py install --skip-build --root %{buildroot}
-%if 0%{?with_python3}
-pushd %{py3dir}
-%{__python3} setup.py install --skip-build --root %{buildroot}
-popd
+%py2_install
+%if 0%{with_python3}
+%py3_install
+%if 0%{?with_python3_other}
+%py3_other_install
+%endif # with_python3_other
 %endif # with_python3
 
 %check
-%{__python} tests.py
-%if 0%{?with_python3}
-pushd %{py3dir}
+%{__python2} tests.py
+%if 0%{with_python3}
 %{__python3} tests.py
-popd
 %endif # with_python3
 
-%files
-%doc README.txt README.html LICENSE CHANGES.txt
-%{python_sitelib}/%{pypi_name}
-%{python_sitelib}/%{pypi_name}-%{version}-py?.?.egg-info
+%files -n python2-%{pypi_name}
+%doc README.txt README.html CHANGES.txt
+%license LICENSE
+%{python2_sitelib}/%{pypi_name}
+%{python2_sitelib}/%{pypi_name}-%{version}-py?.?.egg-info
 
-%if 0%{?with_python3}
-%files -n python3-%{pypi_name}
-%doc README.txt README.html LICENSE CHANGES.txt
+%if 0%{with_python3}
+%files -n python%{python3_pkgversion}-%{pypi_name}
+%doc README.txt README.html CHANGES.txt
+%license LICENSE
 %{python3_sitelib}/%{pypi_name}
 %{python3_sitelib}/%{pypi_name}-%{version}-py?.?.egg-info
+
+%if 0%{?with_python3_other}
+%files -n python%{python3_other_pkgversion}-%{pypi_name}
+%doc README.txt README.html CHANGES.txt
+%license LICENSE
+%{python3_other_sitelib}/%{pypi_name}
+%{python3__other_sitelib}/%{pypi_name}-%{version}-py?.?.egg-info
+%endif # with_python3_other
 %endif # with_python3
 
 %changelog
+* Fri Feb 10 2017 Adam Williamson <awilliam@redhat.com> - 0.5.0-1
+- Update to 0.5.0, drop merged/superseded patches
+- Enable Python 3 build for EPEL 7, per https://fedoraproject.org/wiki/PackagingDrafts:Python3EPEL
+- Drop format-string patch as Python 2.6 is no longer supported anyway
+- Update URL to github
+- Update source URL for pypi changes
+
+* Thu Dec 22 2016 Adam Williamson <awilliam@redhat.com> - 0.4.1-9
+- Fix incompatibility with Python 3.6 (gh#3 / gh#4)
+
+* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com>
+- Rebuild for Python 3.6
+
+* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-8
+- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
+
+* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Sun Nov 15 2015 Ralph Bean <rbean@redhat.com> - 0.4.1-6
+- Added explicit python2 subpackage with modern provides statement.
+- Only apply the entity_loop patch on enterprisey builds.
+
+* Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
+
 * Wed Aug 05 2015 Miro Hrončok <mhroncok@redhat.com> - 0.4.1-4
 - Add patches by Avram Lubkin
 - https://bugzilla.redhat.com/show_bug.cgi?id=927883#c14

sources

@@ -1 +1 @@
-230a5eff64f878b392478e30376d673a  defusedxml-0.4.1.tar.gz
+SHA512 (defusedxml-0.5.0.tar.gz) = 71e1a604df9be41ded454bcdfa63610e897eb405295d7365fcddfc5f50f7572c36f0bd91a4a1fdf47d1b097637bd9fdcf08f1cdb73e2fe64eea0320a7532e452