Spec URL: https://raw.github.com/hroncok/SPECS/master/python-defusedxml.spec
SRPM URL: https://github.com/downloads/hroncok/SPECS/python-defusedxml-0.4-1.fc18.src.rpm
Description: The defusedxml package contains several Python-only workarounds and fixes for denial of service and other vulnerabilities in Python's XML libraries. In order to benefit from the protection you just have to import and use the listed functions / classes from the right defusedxml module instead of the original module.
Fedora Account System Username: churchyard
I'll review this.
I can't find anything wrong with this package. Rpmlint is silent (except for some typical "spelling-errors") and the package follows all guidelines. APPROVED
New Package SCM Request
=======================
Package Name: python-defusedxml
Short Description: XML bomb protection for Python stdlib modules
Owners: churchyard bkabrda
Branches: f17 f18 f19
Git done (by process-git-requests).
Package Change Request
======================
Package Name: python-defusedxml
New Branches: el6
Owners: churchyard bkabrda
Sorry, I forgot the EPEL.
python-defusedxml-0.4-1.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/python-defusedxml-0.4-1.fc18
python-defusedxml-0.4-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/python-defusedxml-0.4-1.el6
python-defusedxml-0.4-1.fc18 has been pushed to the Fedora 18 testing repository.
python-defusedxml-0.4-1.fc17 has been pushed to the Fedora 17 stable repository.
python-defusedxml-0.4-1.fc18 has been pushed to the Fedora 18 stable repository.
python-defusedxml-0.4-1.el6 has been pushed to the Fedora EPEL 6 stable repository.
Looks like python-defusedxml was never added to EPEL 7. Can we get that added?
Also, I'm attaching a couple patches:
python-defusedxml-0.4.1-entity_loop.patch
It looks like in the mass rebuilds, --nocheck is used, so the tests don't actually run, but when I rebuild manually, I noticed a few of the tests fail with:
    lxml.etree.XMLSyntaxError: Detected an entity reference loop, line 1, column 4
This is due to a security patch in libxml2. It's legitimate, but the tests are expecting the wrong exception. I emailed the maintainer about it, but haven't heard anything yet. This patch modifies the tests so they check for what is expected.
python-defusedxml-0.4.1-format_strings.patch
This is from a pull request in the defusedxml repo. It fixes some string formatting syntax so it works in Python 2.6 as well as 2.7+
https://bitbucket.org/tiran/defusedxml/pull-request/1/make-format-strings-python26-compatible/diff
Created attachment 1054818 python-defusedxml-0.4.1-entity_loop.patch
Created attachment 1054819 python-defusedxml-0.4.1-format_strings.patch
Package Change Request
======================
Package Name: python-defusedxml
New Branches: epel7
Owners: churchyard bkabrda
python-defusedxml-0.4.1-4.el7 has been submitted as an update for Fedora EPEL 7. https://admin.fedoraproject.org/updates/python-defusedxml-0.4.1-4.el7
python-defusedxml-0.4.1-4.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/python-defusedxml-0.4.1-4.fc21
python-defusedxml-0.4.1-4.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/python-defusedxml-0.4.1-4.fc22
python-defusedxml-0.4.1-4.fc23 has been submitted as an update for Fedora 23. https://admin.fedoraproject.org/updates/python-defusedxml-0.4.1-4.fc23
python-defusedxml-0.4.1-4.el7 has been pushed to the Fedora EPEL 7 stable repository.
python-defusedxml-0.4.1-4.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
python-defusedxml-0.4.1-4.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
python-defusedxml-0.4.1-4.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.