peeweep/python-defusedxml
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: peeweep:f23
Branches Tags
peeweep:rawhide peeweep:f44 peeweep:main peeweep:f43 peeweep:f42 peeweep:epel10 peeweep:epel10.0 peeweep:epel10.1 peeweep:epel10.2 peeweep:f41 peeweep:f40 peeweep:epel7 peeweep:f39 peeweep:f38 peeweep:f37 peeweep:epel8-playground peeweep:f36 peeweep:epel9 peeweep:f35 peeweep:f33 peeweep:f34 peeweep:epel8 peeweep:f32 peeweep:f31 peeweep:f30 peeweep:f29 peeweep:f28 peeweep:f27 peeweep:f24 peeweep:f25 peeweep:f26 peeweep:el6 peeweep:f21 peeweep:f22 peeweep:f23 peeweep:f20 peeweep:f17 peeweep:f18 peeweep:f19
...
pull from: peeweep:epel8-playground
Branches Tags
peeweep:f44 peeweep:main peeweep:rawhide peeweep:f43 peeweep:f42 peeweep:epel10 peeweep:epel10.0 peeweep:epel10.1 peeweep:epel10.2 peeweep:f41 peeweep:f40 peeweep:epel7 peeweep:f39 peeweep:f38 peeweep:f37 peeweep:epel8-playground peeweep:f36 peeweep:epel9 peeweep:f35 peeweep:f33 peeweep:f34 peeweep:epel8 peeweep:f32 peeweep:f31 peeweep:f30 peeweep:f29 peeweep:f28 peeweep:f27 peeweep:f24 peeweep:f25 peeweep:f26 peeweep:el6 peeweep:f21 peeweep:f22 peeweep:f23 peeweep:f20 peeweep:f17 peeweep:f18 peeweep:f19

25 Commits
f23 ... epel8-play

Author SHA1 Message Date
Troy Dawson
510bae60ae epel8-playground decommissioned : https://pagure.io/epel/issue/136 2022-01-31 15:04:20 -08:00
Stephen Smoogen
6c18e163b4 remove package.cfg from merged files 2019-07-25 21:52:34 +00:00
Mohan Boddu
851067357f "Adding package.cfg file" 2019-07-19 11:17:31 -04:00
Miro Hrončok
6bae04a203 Remove Python 2 subpackage 2019-05-09 15:39:44 +02:00
Miro Hrončok
082a4dbedd Update to 0.6.0 (#1699639) 2019-05-09 15:36:22 +02:00
Miro Hrončok
38eed839d4 Add patch for Python 3.8 support 
https://github.com/tiran/defusedxml/pull/35
 2019-04-10 14:11:06 +02:00
Fedora Release Engineering
a3fd36dd25 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2019-02-02 06:20:43 +00:00
Fedora Release Engineering
08592600c3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2018-07-13 23:58:21 +00:00
Miro Hrončok
b0ba67f931 Rebuilt for Python 3.7 2018-06-18 11:51:24 +02:00
Iryna Shcherbina
b6287a6c82 Update Python 2 dependency declarations to new packaging standards 2018-02-12 01:39:45 +01:00
Fedora Release Engineering
a8d1c871ee - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2018-02-09 07:20:33 +00:00
Fedora Release Engineering
0f762e05f7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-27 10:01:50 +00:00
Adam Williamson
85a145e648 Add 0.5.0 source tarball, d'oh 2017-02-10 10:44:18 -08:00
Adam Williamson
30fd0c53c2 Merge branch 'master' into epel7 2017-02-10 10:23:46 -08:00
Adam Williamson
2864d19e19 Update to 0.5.0, enable Python 3 for EPEL 7, drop merged patches 2017-02-10 10:21:38 -08:00
Adam Williamson
967467ab0f BR python-setuptools not python2-setuptools 
This is just temporary so we can do a final clean rebase of the
EL6 branch before they fork (0.5.0 drops Python 2.6 support so
it can't go to EL6).
 2017-02-10 09:18:00 -08:00
Adam Williamson
a7078684c6 Fix Python 3.6 compatibility (gh#3 / gh#4) 2016-12-22 12:58:16 -08:00
Miro Hrončok
309267b58f Rebuild for Python 3.6 2016-12-19 18:20:37 +01:00
Fedora Release Engineering
35fcd07e94 - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages 2016-07-19 09:21:58 +00:00
Fedora Release Engineering
047317282f - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-04 19:20:32 +00:00
Till Maas
164962eaa9 Define %license if needed for EPEL 2015-11-15 21:21:59 +01:00
Matej Stuchlik
5883a22562 Temporarily disable tests (rhbz#1282251) 
this helps unblock a bunch of failing packages, the test failures
don't seem to be valid anyway
 2015-11-15 21:02:57 +01:00
Peter Robinson
c9f4578f9e - Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 2015-11-10 15:33:16 +00:00
Miro Hrončok
898114da0e Merge branch 'master' into epel7 2015-08-05 18:28:01 +02:00
Miro Hrončok
e646a49ec8 Disable python3 build on epel7 2015-08-05 18:09:41 +02:00
6 changed files with 1 additions and 233 deletions
Expand all files Collapse all files

2
.gitignore vendored
View File

@@ -1,2 +0,0 @@
/defusedxml-0.4.tar.gz
/defusedxml-0.4.1.tar.gz

1
dead.package Normal file
View File

@@ -0,0 +1 @@
epel8-playground decommissioned : https://pagure.io/epel/issue/136

52
python-defusedxml-entity_loop.patch
View File

@@ -1,52 +0,0 @@
diff -ru defusedxml-0.4.1-orig/tests.py defusedxml-0.4.1/tests.py
--- defusedxml-0.4.1-orig/tests.py 2015-07-17 05:28:36.501213026 +0000
+++ defusedxml-0.4.1/tests.py 2015-07-17 05:21:51.633843568 +0000
@@ -133,11 +133,12 @@
self.iterparse(self.xml_simple_ns)
def test_entities_forbidden(self):
- self.assertRaises(EntitiesForbidden, self.parse, self.xml_bomb)
+ self.assertRaises((EntitiesForbidden, XMLSyntaxError),
+ self.parse, self.xml_bomb)
self.assertRaises(EntitiesForbidden, self.parse, self.xml_quadratic)
self.assertRaises(EntitiesForbidden, self.parse, self.xml_external)
- self.assertRaises(EntitiesForbidden, self.parseString,
+ self.assertRaises((EntitiesForbidden, XMLSyntaxError), self.parseString,
self.get_content(self.xml_bomb))
self.assertRaises(EntitiesForbidden, self.parseString,
self.get_content(self.xml_quadratic))
@@ -157,8 +158,8 @@
forbid_entities=False)
def test_dtd_forbidden(self):
- self.assertRaises(DTDForbidden, self.parse, self.xml_bomb,
- forbid_dtd=True)
+ self.assertRaises((DTDForbidden, XMLSyntaxError), self.parse,
+ self.xml_bomb, forbid_dtd=True)
self.assertRaises(DTDForbidden, self.parse, self.xml_quadratic,
forbid_dtd=True)
self.assertRaises(DTDForbidden, self.parse, self.xml_external,
@@ -166,7 +167,7 @@
self.assertRaises(DTDForbidden, self.parse, self.xml_dtd,
forbid_dtd=True)
- self.assertRaises(DTDForbidden, self.parseString,
+ self.assertRaises((DTDForbidden, XMLSyntaxError), self.parseString,
self.get_content(self.xml_bomb),
forbid_dtd=True)
self.assertRaises(DTDForbidden, self.parseString,
@@ -355,8 +356,11 @@
pass
def test_restricted_element1(self):
- tree = self.module.parse(self.xml_bomb, forbid_dtd=False,
- forbid_entities=False)
+ try:
+ tree = self.module.parse(self.xml_bomb, forbid_dtd=False,
+ forbid_entities=False)
+ except XMLSyntaxError:
+ return
root = tree.getroot()
self.assertEqual(root.text, None)

63
python-defusedxml-format_strings.patch
View File

@@ -1,63 +0,0 @@
diff -ru defusedxml-0.4.1-orig/defusedxml/common.py defusedxml-0.4.1/defusedxml/common.py
--- defusedxml-0.4.1-orig/defusedxml/common.py 2015-07-17 05:28:36.502213030 +0000
+++ defusedxml-0.4.1/defusedxml/common.py 2015-07-22 11:22:24.203648541 +0000
@@ -30,7 +30,7 @@
self.pubid = pubid
def __str__(self):
- tpl = "DTDForbidden(name='{}', system_id={!r}, public_id={!r})"
+ tpl = "DTDForbidden(name='{0}', system_id={1!r}, public_id={2!r})"
return tpl.format(self.name, self.sysid, self.pubid)
@@ -47,7 +47,7 @@
self.notation_name = notation_name
def __str__(self):
- tpl = "EntitiesForbidden(name='{}', system_id={!r}, public_id={!r})"
+ tpl = "EntitiesForbidden(name='{0}', system_id={1!r}, public_id={2!r})"
return tpl.format(self.name, self.sysid, self.pubid)
@@ -62,7 +62,7 @@
self.pubid = pubid
def __str__(self):
- tpl = "ExternalReferenceForbidden(system_id='{}', public_id={})"
+ tpl = "ExternalReferenceForbidden(system_id='{0}', public_id={1})"
return tpl.format(self.sysid, self.pubid)
diff -ru defusedxml-0.4.1-orig/other/exploit_webdav.py defusedxml-0.4.1/other/exploit_webdav.py
--- defusedxml-0.4.1-orig/other/exploit_webdav.py 2015-07-17 05:28:36.503213033 +0000
+++ defusedxml-0.4.1/other/exploit_webdav.py 2015-07-22 11:23:15.893964297 +0000
@@ -9,7 +9,7 @@
import httplib
if len(sys.argv) != 2:
- sys.exit("{} http://user:password@host:port/".format(sys.argv[0]))
+ sys.exit("{0} http://user:password@host:port/".format(sys.argv[0]))
url = urlparse.urlparse(sys.argv[1])
diff -ru defusedxml-0.4.1-orig/other/exploit_xmlrpc.py defusedxml-0.4.1/other/exploit_xmlrpc.py
--- defusedxml-0.4.1-orig/other/exploit_xmlrpc.py 2015-07-17 05:28:36.502213030 +0000
+++ defusedxml-0.4.1/other/exploit_xmlrpc.py 2015-07-22 11:23:59.536230889 +0000
@@ -7,7 +7,7 @@
import urllib2
if len(sys.argv) != 2:
- sys.exit("{} url".format(sys.argv[0]))
+ sys.exit("{0} url".format(sys.argv[0]))
url = sys.argv[1]
@@ -32,7 +32,7 @@
req = urllib2.Request(url, data=xml, headers=headers)
-print("Sending request to {}".format(url))
+print("Sending request to {0}".format(url))
resp = urllib2.urlopen(req)

115
python-defusedxml.spec
View File

@@ -1,115 +0,0 @@
%global with_python3 1
%global pypi_name defusedxml
Name: python-%{pypi_name}
Version: 0.4.1
Release: 4%{?dist}
Summary: XML bomb protection for Python stdlib modules
License: Python
URL: https://bitbucket.org/tiran/defusedxml
Source0: http://pypi.python.org/packages/source/d/%{pypi_name}/%{pypi_name}-%{version}.tar.gz
# https://bugzilla.redhat.com/show_bug.cgi?id=927883#c14
Patch0: %{name}-entity_loop.patch
Patch1: %{name}-format_strings.patch
BuildArch: noarch
BuildRequires: python2-devel
BuildRequires: python-setuptools
%if 0%{with_python3}
BuildRequires: python3-devel
BuildRequires: python3-setuptools
%endif
%description
The defusedxml package contains several Python-only workarounds and fixes for
denial of service and other vulnerabilities in Python's XML libraries. In order
to benefit from the protection you just have to import and use the listed
functions / classes from the right defusedxml module instead of the original
module.
%if 0%{?with_python3}
%package -n python3-%{pypi_name}
Summary: XML bomb protection for Python stdlib modules
%description -n python3-%{pypi_name}
The defusedxml package contains several Python-only workarounds and fixes for
denial of service and other vulnerabilities in Python's XML libraries. In order
to benefit from the protection you just have to import and use the listed
functions / classes from the right defusedxml module instead of the original
module.
%endif # with_python3
%prep
%setup -q -n %{pypi_name}-%{version}
%patch0 -p1
%patch1 -p1
%if 0%{?with_python3}
rm -rf %{py3dir}
cp -a . %{py3dir}
find %{py3dir} -name '*.py' | xargs sed -i '1s|^#!/bin/env python|#!%{__python3}|'
%endif # with_python3
%build
%{__python} setup.py build
%if 0%{?with_python3}
pushd %{py3dir}
%{__python3} setup.py build
popd
%endif # with_python3
%install
%{__python} setup.py install --skip-build --root %{buildroot}
%if 0%{?with_python3}
pushd %{py3dir}
%{__python3} setup.py install --skip-build --root %{buildroot}
popd
%endif # with_python3
%check
%{__python} tests.py
%if 0%{?with_python3}
pushd %{py3dir}
%{__python3} tests.py
popd
%endif # with_python3
%files
%doc README.txt README.html LICENSE CHANGES.txt
%{python_sitelib}/%{pypi_name}
%{python_sitelib}/%{pypi_name}-%{version}-py?.?.egg-info
%if 0%{?with_python3}
%files -n python3-%{pypi_name}
%doc README.txt README.html LICENSE CHANGES.txt
%{python3_sitelib}/%{pypi_name}
%{python3_sitelib}/%{pypi_name}-%{version}-py?.?.egg-info
%endif # with_python3
%changelog
* Wed Aug 05 2015 Miro Hrončok <mhroncok@redhat.com> - 0.4.1-4
- Add patches by Avram Lubkin
- https://bugzilla.redhat.com/show_bug.cgi?id=927883#c14
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Mon May 26 2014 Miro Hrončok <mhroncok@redhat.com> - 0.4.1-1
- Updated to 0.4.1 (#1100730)
* Tue May 13 2014 Bohuslav Kabrda <bkabrda@redhat.com> - 0.4-3
- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Mar 26 2013 Miro Hrončok <mhroncok@redhat.com> - 0.4-1
- Initial package.

1
sources
View File

@@ -1 +0,0 @@
230a5eff64f878b392478e30376d673a defusedxml-0.4.1.tar.gz