Bug 927883
| Summary: | Review Request: python-defusedxml - XML bomb protection for Python stdlib modules | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Miro Hrončok <mhroncok> | ||||||
| Component: | Package Review | Assignee: | Bohuslav "Slavek" Kabrda <bkabrda> | ||||||
| Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | medium | ||||||||
| Version: | rawhide | CC: | aviso, bkabrda, notting, package-review | ||||||
| Target Milestone: | --- | Flags: | bkabrda:
fedora-review+
gwync: fedora-cvs+ |
||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | 0.4.1-4.fc21 | Doc Type: | Bug Fix | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2013-04-05 23:10:33 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 923738 | ||||||||
| Attachments: |
|
||||||||
|
Description
Miro Hrončok
2013-03-26 12:43:44 UTC
I'll review this. I can't find anything wrong with this package. Rpmlint is silent (except of some typical "spelling-errors") and the package follows all guidelines. APPROVED New Package SCM Request ======================= Package Name: python-defusedxml Short Description: XML bomb protection for Python stdlib modules Owners: churchyard bkabrda Branches: f17 f18 f19 Git done (by process-git-requests). Package Change Request ====================== Package Name: python-defusedxml New Branches: el6 Owners: churchyard bkabrda Sorry, I've forgot the EPEL. Git done (by process-git-requests). python-defusedxml-0.4-1.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/python-defusedxml-0.4-1.fc18 python-defusedxml-0.4-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/python-defusedxml-0.4-1.el6 python-defusedxml-0.4-1.fc18 has been pushed to the Fedora 18 testing repository. python-defusedxml-0.4-1.fc17 has been pushed to the Fedora 17 stable repository. python-defusedxml-0.4-1.fc18 has been pushed to the Fedora 18 stable repository. python-defusedxml-0.4-1.el6 has been pushed to the Fedora EPEL 6 stable repository. Looks like python-defusedxml was never added to EPEL 7. Can we get that added? Also, I'm attaching a couple patches: python-defusedxml-0.4.1-entity_loop.patch It looks like in the mass rebuilds, --nocheck is used, so the tests don't actually run, but when I rebuild manually, I noticed a few of the tests fail with: lxml.etree.XMLSyntaxError: Detected an entity reference loop, line 1, column 4 This is due to a security patch in libxml2. It's legitimate, but the tests are expecting the wrong exception. I emailed the maintainer about it, but haven't heard anything yet. This patch modifies the tests so they check for what is expected. python-defusedxml-0.4.1-format_strings.patch This is from a pull request in the defusedxml repo. It fixes some string formatting syntax so it work in Python 2.6 as well as 2.7+ https://bitbucket.org/tiran/defusedxml/pull-request/1/make-format-strings-python26-compatible/diff Created attachment 1054818 [details]
python-defusedxml-0.4.1-entity_loop.patch
Created attachment 1054819 [details]
python-defusedxml-0.4.1-format_strings.patch
Package Change Request ====================== Package Name: python-defusedxml New Branches: epel7 Owners: churchyard bkabrda Git done (by process-git-requests). python-defusedxml-0.4.1-4.el7 has been submitted as an update for Fedora EPEL 7. https://admin.fedoraproject.org/updates/python-defusedxml-0.4.1-4.el7 python-defusedxml-0.4.1-4.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/python-defusedxml-0.4.1-4.fc21 python-defusedxml-0.4.1-4.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/python-defusedxml-0.4.1-4.fc22 python-defusedxml-0.4.1-4.fc23 has been submitted as an update for Fedora 23. https://admin.fedoraproject.org/updates/python-defusedxml-0.4.1-4.fc23 python-defusedxml-0.4.1-4.el7 has been pushed to the Fedora EPEL 7 stable repository. python-defusedxml-0.4.1-4.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. python-defusedxml-0.4.1-4.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. python-defusedxml-0.4.1-4.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. |